{"report_id":"7f050b1f-5fe2-4459-9448-1585e0861f3c","version":6,"status":"done","tags":[],"date":"2025-12-13T10:28:03Z","url":{"schema":"http","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"104.21.62.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"title":"shadowforum | #1 Syndicated Blackhat Forum","dom":{"size":649,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (649), with no line terminators","md5":"38fd223efd4e9946f5df4ef6370466d1","sha1":"00d4024bc9786d6342c1a5df248fb28c92346689","sha256":"dc282bef72755bfa8826df887d981e6906cab6c8877611ff8a43649a04a6c367","sha512":"7b9f0e9446e1b8586cd96c3664ffc6d8c1858236b0b14704f2fd97ecaac288d1b0c4e15141afd9e1048aee31f9863d9b62122dd7b0f4fde9d90535de7dcafe3f","ssdeep":"","tlshash":"14f049ea2d79c93424e0028720b9e39c1a3025a0bb11e70562edc92b9f10fe34c92d4c","dom_hash":"domhash1e072478f48eb0cfce276b105292fcbd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"104.21.62.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-17T10:28:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"shadowforum.cc","ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-05-29","domain_rank":0,"first_seen":"2024-08-14T12:50:30Z","last_seen":"2024-09-24T17:49:16Z","alert_count":240,"request_count":60,"received_data":3607754,"sent_data":38033,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"XenForo","description":"XenForo is a PHP-based forum hosting program for communities that is designed to be deployed on a remote web server.","website":"https://xenforo.com","common_platform_enumeration":"","icon":"XenForo.png","categories":["Message boards"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-07T22:25:46.118111Z","alert_count":0,"request_count":1,"received_data":5540,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-07T22:17:02.440237Z","alert_count":0,"request_count":1,"received_data":24800,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-07T22:13:56.807982Z","alert_count":0,"request_count":3,"received_data":149361,"sent_data":1667,"comment":"","tags":null,"fingerprints":null},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-12-07T22:18:21.627912Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":506,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ab98a31f06eaf9812a453fa32d965d3","sha1":"5e30bef89c2c25f21583caaf559cd5dedd3c3914","sha256":"bd9212f070fe2c1ef0f2166e5f1f9b93e106ee330cfcabfc2253adbce60974fc","sha512":"d56ee5322ff34d5fab7961cb877680a523fe0e13cf0e1fe2e67066b90fce627d2c6629dc9b1af4a1dfaed201826e5f7b4089f250232f487e985151a9de6524d0","ssdeep":"","tlshash":"0e11dcb93a2a1534c9c5808b317ee7a93e3220317a02a145d26ccc299d18e8314efcbe","size":902,"data":"","first_seen":"2025-12-13T10:28:10.3935Z","last_seen":"2025-12-13T10:28:10.3935Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"43f634485a81b07eeb687a365e5f2be4","sha1":"4c65cc0591913c13139df114ca1427a526c1f301","sha256":"ed2aabe20488de0d20a003848ffd0f227898e8cd7014e754dcb5ae5d755f7f89","sha512":"ed0a22f86838788cc4e753799adcb7ebf6f50d8a37c92d1172ed5f8024f61b84f3d26a7fcf224304d43c5399d3eb7478e734692264f227da1f589f22ea433b38","ssdeep":"","tlshash":"15b02b340c40063022ac77ed034f3f082d3a4044c40cf1001007cd01b4e08441152d89","size":125,"data":"","first_seen":"2025-01-04T04:02:55.930441Z","last_seen":"2026-03-14T16:24:30.363688Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a47bd0b3b5423eee0ae3423f74682add","sha1":"d7bfbafd97166acc808f4f6948f6ee62a7768379","sha256":"1c0141d326996d05b2725b6e8a1cb925fb4fc62d631e828ad3627c39c48a3293","sha512":"7b9a35a34d27807e4b4c05626f77284176b23eabd180d023e8f697b9b21ba90355c3b5ab32a59be68bac388babb40b0be0de7827424c19a5204e53a668dfb460","ssdeep":"","tlshash":"34c08c388a1a463bc823300c24e8008fb3c5135acfb09e0087c7f0000084351aaef702","size":164,"data":"","first_seen":"2025-12-13T10:28:10.394709Z","last_seen":"2025-12-13T10:28:10.394709Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/cv6/nodeicon/svg-inject.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae60670a20f05e487c4748d9587b1f55","sha1":"d9fce733927b07a9d4ec7d6cd94eb1c92b3fd3f9","sha256":"ae2d4012836d80e35738827493ba7d1e84071aae8c103b233cf61987b356a6ed","sha512":"ebc368ff6eb75582aaa1498b64c718e45bbac7346108658c1cf15000d6569b34850a6099a7486722374c5973a4db2b10cc6986780938d15adfbdfda11a5d511a","ssdeep":"96:bGSV/OOSL2O6h8nf33GhtOr5IG5bcaG2SKSu0ik7GAwXUIwp5BTu67kKEZblOT:iSVaL2O6anfGzOVIG5bciIiHAwEzBTci","tlshash":"e091d7e8f5c8f12b2bef203685af250ab0760152344cc5915105f0b43c78aea2767ddf","size":4608,"data":"","first_seen":"2023-03-10T01:34:10Z","last_seen":"2026-05-02T04:31:48.271772Z","times_seen":256,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/xf/core-compiled.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a426b7982467ba27a4cd60caf07ba6a2","sha1":"183a6ff1430c129130b2a2cfb3d8274c4ff6654c","sha256":"9f12e9613ffc81683459a7891f3d764bbc642c1c1f24968838a9c7a81750cae1","sha512":"1b4b0f1a13257f6ae1c6b8d2378ab37e178088a74ff3c40f8e49f87c24f0188f0c9f7ecf06159842bd5c81adbdae5a1f2dff5ba49c9dd6dad8339ed1bf1da904","ssdeep":"3072:wlieArzw8tw8EdNJ4MUK8ARo6ngUbHZqheV95XRAdCDPJb:SAS8EdDnul6ngUTVHudAPJb","tlshash":"ca242a4bb6513aa383eb20b4502f3205613699b7b98684ac7435dfd28d78e0d6177f3d","size":211765,"data":"","first_seen":"2023-03-07T12:28:02Z","last_seen":"2026-05-01T16:40:47.421029Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-02T10:29:47.896407Z","times_seen":102104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"009824d77b0d5559697c2499a240e6dc","sha1":"5ac98b78d7dc9fff3a252fbe837e6794357103a3","sha256":"c0bda69acd77e7728fa06dc05b857565b73c5abf185ea679ff14f06f3e3e4b63","sha512":"0e35aebf88593bdf66ca8f8d7a9740dc8d651d50b541a260b1311a03762cbe438bcd3cbc2d3049a8f354d01eb26358d9e854bc9af3122613c7ffd8b71a292efb","ssdeep":"192:tfQdiGZB8TQb9o2U7I1HAKtOc7GVEkDtRzgsUL6pUL6MwL77gjdLNNP7WlYaKf4I:t4UGZ201kghI02jzgsUL6pUL6MwL77gf","tlshash":"2622e9da3b89b041107250b138bb64cb516fddbfb8685987c2297ddcf921b94eb51f01","size":10381,"data":"","first_seen":"2025-12-13T09:49:18.097458Z","last_seen":"2025-12-13T10:28:10.355228Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/xf/preamble.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"387f790df3b04817b3b499539218a32f","sha1":"8c5023f702a511271e35b31fe82253edf119ee2b","sha256":"f8f0d5e29e4408e8ecdccee5e73a185566774f71c7f440cc50ad5c647b127ce3","sha512":"639c1fa2313e72c68b11e97a971fa6faa93886c116e0ccb41151da5ef92b01ba9f9390b41b58119de0bc5a6ca53ea6537cbf7ec92d628a38c0ecd8fb6baa7381","ssdeep":"","tlshash":"1261d8ac3387773661eb3e75925f720b20235050679808509e22caf8fea0de604db8fd","size":3264,"data":"","first_seen":"2023-03-07T01:06:52Z","last_seen":"2026-05-01T16:40:47.419259Z","times_seen":624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"948c419892cdfe855c428af77634c69b","sha1":"56a09830691f38e47328174d604fc00f8a52b318","sha256":"df2e2d133851beb0df1e0c1ca7485d6b70eb75e49ed036f236646f087d0e0623","sha512":"d355e8fffe73b5efe80b8a50d17e4fab5ebb3166ae9b5b784c108221123f62e67629ff2dc5ee985f95c23bf768f5dcb3d9385d16078546e76e2a37699b99240c","ssdeep":"","tlshash":"a0d0a944c74d0c8a31b6c210a22108d231088a33c283048a17f4db2e34fbe8b08088c3","size":208,"data":"","first_seen":"2025-01-04T04:02:55.93703Z","last_seen":"2026-03-14T16:24:30.364607Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/vendor/vendor-compiled.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2eb06a066c2b5c9afcf5e8a0b2e06cb","sha1":"acb83165d05afb464ad1953bfe253ff70f814add","sha256":"3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e","sha512":"4dbbaf1d76aca7098ff7c529df411cd8393eaf0530f09749b4b98e5378b1a64f3048f03eb4254501b907b945f5164f5fea780e9e8b866d97f05b325d916e3bf9","ssdeep":"768:KH8r8GESU7AjBaBY1URnAyqjpblwzgoZiGvF/HHuMWj:PrxE77Ps6niRGvF/lWj","tlshash":"4b13fb2d734131a66357e5b9670f0a0ae13761e99b0bc4a0913ccdd02fb857909e7f5e","size":43704,"data":"","first_seen":"2023-03-07T01:06:52Z","last_seen":"2026-05-02T09:20:16.371191Z","times_seen":4004,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"25215a14601bfb5554f33c6cc78b65d1","sha1":"27972e710a8768c7f6a881885086fdc34f6bf523","sha256":"8b346439ed8337ccaabb9dabbb0e5c6433fb8191378b8e72e1a29e511bbea880","sha512":"00781c42322a9effd56ad205f1033e933501c0f27d265d26ad134cb5e1c935a83cbebbe38a8e7f1e450729f9a9dc5946b8696cb75fb46c71d97e56fcabfbc247","ssdeep":"","tlshash":"7ed09799283888301084014720b9e39c2a2020602b106201a1ddcd1bae11e9308a080c","size":217,"data":"","first_seen":"2025-12-13T10:28:10.396192Z","last_seen":"2025-12-13T10:28:10.396192Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dd6c60b0ec3fc281351d20e98a68a0e","sha1":"8ac071933a35a31dfbb4717a09c23886f57cb018","sha256":"f6a36664f627e884903249f1218e7cc33a0e9958b7c6435ed88ce866ae46e6d8","sha512":"b64debb878da5bd87b67b6ed8ec401f6847225471cf0df4e03f7c6d215cf5c10c6bb0895ed540d9feea40854df37b9e7a771722c1b131f04f934f2624b40c812","ssdeep":"","tlshash":"0b01f988fbac5c774877b12a0c3f20ce322e64764c404a3baca05060a8ce33c71a2d58","size":701,"data":"","first_seen":"2023-03-08T00:05:10Z","last_seen":"2026-05-02T03:39:59.029647Z","times_seen":521,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/sv/passwordtools/password_input.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"565127680499672f38bf701ed1a5feae","sha1":"3dc752beb1132ab56c8374460c4b34b5310ee840","sha256":"10ab6607f99919088ea885d0c540712f69dfb3e06556d967ff1be36a66194336","sha512":"a693079aabf7efb303425c6738b537641ee2468da297f722a7640be1a015b4505a6864c0e514940d123e97fcb5403f802730c4bb89a2e26def2b713443528195","ssdeep":"","tlshash":"9b81bd0372042e532adad6f4508216017352ee2b910758ed3af4e7ef727be834165b7b","size":3870,"data":"","first_seen":"2025-01-04T04:02:55.931981Z","last_seen":"2026-03-14T16:24:30.31035Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"25215a14601bfb5554f33c6cc78b65d1","sha1":"27972e710a8768c7f6a881885086fdc34f6bf523","sha256":"8b346439ed8337ccaabb9dabbb0e5c6433fb8191378b8e72e1a29e511bbea880","sha512":"00781c42322a9effd56ad205f1033e933501c0f27d265d26ad134cb5e1c935a83cbebbe38a8e7f1e450729f9a9dc5946b8696cb75fb46c71d97e56fcabfbc247","ssdeep":"","tlshash":"7ed09799283888301084014720b9e39c2a2020602b106201a1ddcd1bae11e9308a080c","size":217,"data":"","first_seen":"2025-12-13T10:28:10.396192Z","last_seen":"2025-12-13T10:28:10.396192Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9a56c5c970eb95a5a223c1beec12b571","sha1":"c4a926e0dc6767d0b2aab84672ebad75cb8fda23","sha256":"48c5b9c6f757b5391c9ac0bc886b686eb7b01cc79ab7195e8fc9d8dd0679ce32","sha512":"44dc6dddec2b897990f4d66e4cd0f6b14f223636a2c404e877209223c9459bc99344502f9c6407aac7bd1dbab4c7a18f628a521311616ca92e4ebced290dbf0e","ssdeep":"96:MZLxzecAv+o/rwpOmWva9zjylQGvc7U714qS192YqlZ:iLNec6z3Pa1jylQGk7UB4qO0","tlshash":"a1a174478a1c00a3daf4530e7d3e7ac2ab5d31a7829130eef168555f3bf580611ef852","size":4951,"data":"","first_seen":"2025-12-13T10:28:10.397232Z","last_seen":"2025-12-13T10:28:10.397232Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-05-02T10:29:12.228215Z","times_seen":334490,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b706f1879ca6b491d788c37bff95fe8e","sha1":"736f6d6b8a8eab46e8ee36ee20950b1ff59b6032","sha256":"bfbdfe1cad5360d81c691cdd41177c2b53b1cc26c0b9bdc2cedde8a646e4fc30","sha512":"a36564f3393a754cb83a4919f9b752f244c8556e7a1ce94d6150fc0b27f41870cef40ce5d2b88f26915cc9c674489c272877be797f24c50e0591dd481f775535","ssdeep":"","tlshash":"e62176c2ff4ca52a94412960576b42ce883870bb8da3c8e7ec0de336d150c4f5c5af15","size":1436,"data":"","first_seen":"2025-01-04T04:02:55.933356Z","last_seen":"2026-03-14T16:24:30.359099Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-05-02T10:12:11.268774Z","times_seen":231077,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"340a52f0c7059035ee3c683d32441860","sha1":"8971506595421c090851bbeb9a39862c419493aa","sha256":"00ba8e5ee2c474bab3a9f065f906e683df5746100c91c1c6db8514253f462335","sha512":"4c59dc795930b32ca14f6653702f57c516379a82d45893ea0b6cbeb8ffed83596cd660ac9ba5aff7e4a153938e5761cf2d8efca5e68a2f714483464f303226dc","ssdeep":"192:t1blwDoaY8jSgLlH9zMq8+wpyQ/N9FagaaCRBgsSg6p0g6M9g7JgjxLvRPFDHwl8:tjwzYiSWld4qvw0iHpWBgsSg6p0g6M9Z","tlshash":"4a22c6c53a45f011a03254b5386b68df606aedbfb5280943c62ebdecf6317a4a7b5f40","size":10315,"data":"","first_seen":"2025-12-13T09:55:37.621649Z","last_seen":"2025-12-13T10:28:10.379555Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/3/3528.jpg?1676979928","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/3/3528.jpg?1676979928 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"d69-63f4aed9-9a8675;;;\"\r\nlast-modified: Tue, 21 Feb 2023 11:45:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3433\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BJIRhqV27jM8JLRGSUFdh7wikcxfVhkvj6qqEveljaDQn03%2FD5A8fD0FcuJK%2F4M%2FtOcLj6%2Bz5OT%2FR6YwubD8nuAsxi%2FLr8YhM5Mbng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3433,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"8cf286789957e0b7a81bdf4db564df47","sha1":"9e57497872d1d989f35a7172f2817129bf45c5eb","sha256":"77d897d23db44cc9a02fe760ee377e0b40a2bd3806889e6db19da1bf0eb0f9d6","sha512":"49609487812e3674568f420e0b8d15a74380059e7e9191ab71f384856384cca6c1aac3f33c8cc995d7bb0cca651611d67eeabe6e83cf06d9a484de67f3e1f92d","ssdeep":"","tlshash":"d4616d3bd5e49e59dc138d6b0d4d9f57c2272027e52abd200ec4bc25d3f68c425c58a8","first_seen":"2025-01-04T04:02:55.90954Z","last_seen":"2026-03-14T16:24:30.33931Z","times_seen":4,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/tuto.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/tuto.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"bb69-65270fd5-9e4aad;;;\"\r\nlast-modified: Wed, 11 Oct 2023 21:12:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 47977\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TBIx2I0L2TBUyqOGsvP5DQbVtHJPvTwfzdSwM8L2nO7D28aC8uOibaL3IRkHwHV%2BpdNuaHG37C4hmRk3C9wKUmjylqyuLTnHLvm%2Bbg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324927b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47977,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 422 x 316, 8-bit/color RGBA, non-interlaced","md5":"035ecb4b2d95ef52ff4c0e63bdf318b3","sha1":"a936123edf1bc8baae1048473a458980e3e25244","sha256":"8f12e84293b5698ff0baacf0153d8566f509c243a10fe3c3bcd8a3dd4dcb1a62","sha512":"e991fee377e8bd96f58891daf0516ddd2b5178ce68efdb5d314eac5659fd001631031061c9fcbab5d30662ada41b441ada19f660911e1d34df519bea28d13307","ssdeep":"768:17YqBMQyHFbx0avQPkQWS0UQgdHYFcyOhgNJ5eC5l65p40tSdcmElTCx32HA:t/BgMkvS0TMHYbxJJ5lmipExCB2HA","tlshash":"a123f233f7e99ef3bc07f4211731a4e1448857ca7618a88657f59b8babb7694002a3c5","first_seen":"2025-01-04T04:02:55.897735Z","last_seen":"2026-03-14T16:24:30.298877Z","times_seen":4,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/nnn.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/nnn.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"10649-65237f77-9e4a71;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:20:07 GMT\r\ncontent-type: image/png\r\ncontent-length: 67145\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4YBMNilmNir%2B2j2U4UihQMoCoF7dFJ9hww%2Bw%2Bhf%2Bfcc%2B0AA%2Fw%2BSOA%2B2%2BsTzeUqqSfs5oscSqh5RULKb4AEZIuYkwQ8WOr5P2hAcMyQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324926b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 375 x 366, 8-bit/color RGBA, non-interlaced","md5":"6676cd85efd0473ff63f0a759ef509c6","sha1":"ba212e81887b8795b184bbf0e5b8d49eba825846","sha256":"74bb27f6a0f96fdd9c4672e5eeead90806244d4ef8d540b2cc2d86417f4c3aee","sha512":"b814759d68d235e65b76f55cd77a06bbc394b1a1930111705b4cf904c7e49b836badffd8d3ffba90676f28299e6237cf5a42f530d9cfbf54c7296e39eee5a775","ssdeep":"1536:RQYNlLFSJZArhyEHshPmXtg7hctg3e4xb3+4co0cQdR:PNl5aArXmPPIg3e23wo0cW","tlshash":"8663123fff7f00c3a1794ecb1997c8632c2d44f385693a455882eb7202457aea05aad2","first_seen":"2025-01-04T04:02:55.89956Z","last_seen":"2026-03-14T16:24:30.308455Z","times_seen":4,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/1f9c5.png","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /joypixels/assets/6.6/png/unicode/64/1f9c5.png HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/png\r\netag: W/\"1311-otsXHwoFgaZ7ot+7g6KthnIdAck\"\r\naccept-ranges: bytes\r\nage: 890982\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nx-served-by: cache-fra-etou8220186-FRA, cache-hel1410024-HEL\r\nx-cache: HIT, MISS\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 4881\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4881,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"d2f771950d0388d5c1f96a7c70dff64b","sha1":"a2db171f0a0581a67ba2dfbb83a2ad86721d01c9","sha256":"2c96c912aba7d6dec17205d97617814ff70bb99d81d98beea061ed4a4b51c415","sha512":"22fa97cf121ec18215e8f9ccb3245b07d874ddb356d55c2678cdeec3f09548d6a9dd95e7f2e32f6ae9da373bb94e3d061abf437aa5b45ac076ac3d42194c3b70","ssdeep":"96:QlqyO2y7EHPAY87T/LDMiJ+eqoGHtT+5DunJzkHu5E/vsX9FTkpgMXljARW:QaZEH4YIcM+eqBuuJK9/v6FwrSg","tlshash":"c3a17e932622630aa518dc4940def02114f7f7b397ed79ce98cf79a04ac3979724e9e4","first_seen":"2025-01-04T04:02:55.917598Z","last_seen":"2025-12-13T10:28:10.347825Z","times_seen":2,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":57,"dns":1,"connect":26,"send":0,"wait":60,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/2/2240.jpg?1672946460","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/2/2240.jpg?1672946460 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"ded-63b7231d-9a8469;;;\"\r\nlast-modified: Thu, 05 Jan 2023 19:21:01 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3565\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4p3GD4uJEwE2O71IMFqjNCpwIxXlTdiP%2Fuh8ssctEGo6RuNDIJvbpmLOnBGWkMGS%2Bh7RNbb3il%2FZ9nsizpWihZzpzS5hxbnxqfSBUA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93ab517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3565,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"67f83691013c020b0117f6aac675a92a","sha1":"01ac8de395847312f0fbff3d03a7797e0647f342","sha256":"c22515a46839419dc32e158bfff2b15ed1fc2a5a6806b2161b4d06a8b2a2bd68","sha512":"b4131c5ab6e1c3aa8c3651e311b90b140fb037ab71b8e0b1a35de4d2300fa1ec998387b60c9a918a3278e20552606e2514f624667515ec7ea07f969eee41f88f","ssdeep":"","tlshash":"ef717db35a84c060d5327ee9809e492caf6124e2c625026f03d3ca156ff2e82fff6c00","first_seen":"2025-01-04T04:02:55.910578Z","last_seen":"2025-12-13T10:28:10.348448Z","times_seen":2,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/16.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/16.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"e74-628c2420-9e4a87;;;\"\r\nlast-modified: Tue, 24 May 2022 00:17:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 3700\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dyUJR9MHs2sG7OFPnrUZ4RvOzkacPL0bRMEVgshrmFE1KJ7VybxT25qigQMOGN%2FIIHXfdQCBdRcytQdjg9y5REOSPclCewLY5Mmhgg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324920b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3700,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 51, 8-bit/color RGBA, non-interlaced","md5":"59487d62acd79481ed254ac4a3497de1","sha1":"e1062f27624763cacbe2a591ead1174bc32f75f8","sha256":"84c13c40f8af01462d19ce47352db1a391e96c74b86db3b46cd36428fa54f8ce","sha512":"c23430556e4e908a8bd89b40b689d412c9eb1ee854e392282ee6676ebd54c701a94161550b46c73e6c87f0402f829cafb2a522a7410ad1e8a528af8cc82ffa3d","ssdeep":"","tlshash":"bb714ccbffa2cd9e1bdc1426610799d854f11c6ae4d7e2b93ef478b4418a2cb5ad0384","first_seen":"2025-01-04T04:02:55.929058Z","last_seen":"2026-03-14T16:24:30.30702Z","times_seen":4,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"DF:9F:85:F6:4A:53:64:E2:D3:A4:9C:9B:0A:4D:88:F2:DD:8C:92:6C","sha256":"99:65:94:2E:11:0B:3A:F6:B6:E7:38:F9:58:D0:01:2A:B6:CA:D4:2D:38:BB:87:ED:72:23:CA:63:32:85:95:35"}}},"request":{"raw":"GET /css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 13 Dec 2025 10:27:40 GMT\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24114,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"f4e6b1e1bab819e831c6185ec8556f51","sha1":"5acee6729dd3ca075bcbaa308f51fcac8ef449e0","sha256":"7c50bb75c2753eda0d92995ff64bc1956d6b7f7a4f338ac5cc49f9d9a2edae19","sha512":"b7818a5e9123b649c9709bf3d2e55734eda1cbd5f13115d46f758c896c3335fc2f6c28e1fce18f7cc1b9f6b14cd11fc936f036f45f98e5aeb22482a1833ff7cb","ssdeep":"384:+dOhqqt5Iv0qY49HnQdUOYnht4vv5qY49anPJt5qY47uOqY4P:gM8kZdvhbCo","tlshash":"84b2f99104171440aa435dd233de7e34ee0f96616044c0ba6bfe9bdbeecad69a3b435c","first_seen":"2025-09-17T10:07:56.443929Z","last_seen":"2026-05-02T09:50:23.741354Z","times_seen":939,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":112,"dns":1,"connect":21,"send":0,"wait":34,"receive":0,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/photo1.png?1717603549","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/photo1.png?1717603549 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"26d5d-66608c1f-9e4a79;;;\"\r\nlast-modified: Wed, 05 Jun 2024 16:02:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 159069\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u0lbRI3XsKlKveX2nmEt%2Bzt2dWsOLwNr5v6ZgnCqkhP69YfeQHWCLg54e5j7QcPz284%2FLHv5yJyrOdumad1OPJ4NMa6mUyDkYQtRGA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c52ff910b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159069,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1386 x 453, 8-bit/color RGBA, non-interlaced","md5":"42755726bf65858b18590c85ed990bba","sha1":"005bc2a58ed6bd38f5be9bfa55c81b66a0f0d0b0","sha256":"08259689597a1ca0e9536956af6ee437d26d26ddbef0a5f2f9614baa1284e91d","sha512":"221635a28d04a12095885dca0cabb364f583125585a30a95f3b67883f6e61050cceb24e9a72305b724caa9d01c18bcef752c6a5194642876613053fea3f82214","ssdeep":"3072:hBeGvpJ4FsWzFWDP8/PakcioFGGhVB/2CSz6qx/:hBeCpOBc5FGGhf2tj/","tlshash":"45f312543764d40cf76b5bb4ee68bff9217b0833cae817391453227a08b1dba34916e5","first_seen":"2025-01-04T04:02:55.926232Z","last_seen":"2026-03-14T16:24:30.325554Z","times_seen":4,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/6.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/6.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 13 Dec 2025 20:50:20 GMT\r\netag: \"1665-628c11c2-9e4a8d;;;\"\r\nlast-modified: Mon, 23 May 2022 22:59:14 GMT\r\ncontent-type: image/png\r\ncontent-length: 5733\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nage: 567439\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PgZQ8DFrJc8dOJGFmI1bkUV89V7ZmfuF%2BUbYDFDo4BTYtSgIH6Qted93uGJ%2BONZp4szq9yAMaglj6N6xDs9135yTtxRDZwNaEZEtmA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532491fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5733,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced","md5":"cbd6d6aad3d771b91ad6fe5788729283","sha1":"09626c3fca80b596fdda68f539ba6bfabc56e3dc","sha256":"0e353afbed51c7223056ab646bb089cc3d890371ffc6ec53fa7244ea27d2490a","sha512":"2927c2b57a3bd38bedc53198dffa970ea6bba991852559634ae0b559a90c4e8cd874f95004928bdd01e822f425d7d7909289da38b87a4a5138eb560a8a17c5de","ssdeep":"96:87SEZQIZNrmTGvPk9/QfvCKgFLcctBvHoFz2oLi84iA/zN36bGRNXIUDNt3NpId7:WSgZ9mTqPk9IfkLc69K2Wi8TA/EbW1LQ","tlshash":"bdc19f2d8ae050b4d84dee93d3033c424589f82fd669642ca65dfa4d065ad70593af43","first_seen":"2025-01-04T04:02:55.92716Z","last_seen":"2026-03-14T16:24:30.304063Z","times_seen":4,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/refunding.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/refunding.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"fb07-65270fd8-9e4aa9;;;\"\r\nlast-modified: Wed, 11 Oct 2023 21:12:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 64263\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z%2Bvr9Q9zG5x9SfawpxTUU1NVq6YzixkgJEPcE150Jl5Uoyw6mnXuHRZzw%2F7OfCQ4oFrhSX3urHPYmAzg6glZyTslewMDsU6mi3I1jA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324921b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64263,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 354 x 357, 8-bit/color RGBA, non-interlaced","md5":"d81bae62a1650c39d411f6d313acf283","sha1":"7b55695e528c3b223ad71feb0a76837b28129e1a","sha256":"a12fb0d2fd1f2d9668d136be136092c52d3435a51198dc6a64db6b1044527bc8","sha512":"8893f68a2a545edd858fe7df503d8ba7e3533ee6c7c55250b9ee9a7bb7eba4e1de3102479b1ed40f8787024abbc3b540daf15d9eceba182a2b05df5f6278facd","ssdeep":"1536:k2JiLdYaxoTcvPLQI89a5/eU7OeH0KzwMfC6TBT/0ew7m:Ji1zvP49BUyeUKnC+Tc7i","tlshash":"be530295d02634c8498219317cb7877c74a7ac68916d00e247b6ea16c95befb31dfc2f","first_seen":"2025-01-04T04:02:55.901745Z","last_seen":"2026-03-14T16:24:30.305535Z","times_seen":4,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\npriority: u=3,i=?0\r\ncf-ray: 9ad4c534796cb517-OSL\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mBDe%2FNsExx9Oj64jwv91cnc9SayDKcp931E6WChpZ67lnMngbZJR8rvIigi31BqpTiRWhZE2XsnhpkxO2EIyH7agxEzN2vB3mcaKJ%2BEqvXy8cVdJJ37ERRVa2XaPRMtE%2Fw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1105\u0026min_rtt=486\u0026rtt_var=283\u0026sent=2439\u0026recv=181\u0026lost=0\u0026retrans=0\u0026sent_bytes=2723093\u0026recv_bytes=27908\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=902\u0026inflight_dur=256\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10381,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js?","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js? HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=w58LGDhdihhCq40KzEROQPu9wn7uDasulQoixwFbsR2oxsZ37YJFGcDlLhKzNj8dKPbUriwYd%2FSkbbssIcNDgpEtamvKF6ZwXu2ijZz4IRgY528simTQXUj8WmWmuRozVw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncf-ray: 9ad4c534d96eb517-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1050\u0026min_rtt=486\u0026rtt_var=200\u0026sent=2485\u0026recv=185\u0026lost=0\u0026retrans=0\u0026sent_bytes=2769211\u0026recv_bytes=28332\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=955\u0026inflight_dur=262\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10381,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10381), with no line terminators","md5":"009824d77b0d5559697c2499a240e6dc","sha1":"5ac98b78d7dc9fff3a252fbe837e6794357103a3","sha256":"c0bda69acd77e7728fa06dc05b857565b73c5abf185ea679ff14f06f3e3e4b63","sha512":"0e35aebf88593bdf66ca8f8d7a9740dc8d651d50b541a260b1311a03762cbe438bcd3cbc2d3049a8f354d01eb26358d9e854bc9af3122613c7ffd8b71a292efb","ssdeep":"192:tfQdiGZB8TQb9o2U7I1HAKtOc7GVEkDtRzgsUL6pUL6MwL77gjdLNNP7WlYaKf4I:t4UGZ201kghI02jzgsUL6pUL6MwL77gf","tlshash":"2622e9da3b89b041107250b138bb64cb516fddbfb8685987c2297ddcf921b94eb51f01","first_seen":"2025-12-13T09:49:18.097458Z","last_seen":"2025-12-13T10:28:10.355228Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/styles/fonts/fa/fa-light-300.woff2?_v=5.15.3","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /styles/fonts/fa/fa-light-300.woff2?_v=5.15.3 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://shadowforum.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"2cf50-61a9f8b0-a80d56;;;\"\r\nlast-modified: Fri, 03 Dec 2021 11:00:00 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 184144\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F57w0GDhH8y15kskHr3%2BABZu6lRP18H9m5yvwynr5X67KM75O9%2BtumOXtRkjx8DxvpMOP%2BH%2BzoQeX39rU2U%2BCaa2gZG4CXpwWALrFw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c52fe90bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":184144,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 184144, version 331.-31261","md5":"de11da0fb48a14c9cbc05b0a24ed6efa","sha1":"878cd08a06b335d95826e813e0a8777e28a76d04","sha256":"e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d","sha512":"d77602520afdcfc7d164ceada6fe6860b499e12aef29aaaab836abc95aaee167b246a9d8c571b779093bde9e5a2fa1537e22dc8bb22b6e301378cce4ade6be45","ssdeep":"3072:1+5rCJYAi4M3Xw8TGn9j7JpEfZs9FITHJoIUhAd0lYg7Xrj8pzdQt5OIWNgv/7:MCZyxy90fy0THJTdi7XkpRQ8gvT","tlshash":"be042318b67b1bc6e73dbc2613111c0666c5c5a3602e8ced6fe27e70127486e7b1e729","first_seen":"2023-04-10T05:25:28Z","last_seen":"2026-05-02T00:10:33.633046Z","times_seen":1555,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":108,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/0/13.jpg?1656014980","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/0/13.jpg?1656014980 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"dbc-62b4c885-9a672a;;;\"\r\nlast-modified: Thu, 23 Jun 2022 20:09:41 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3516\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uoL6N8ZurZPl46Is9v0yzmCDbqRQ32U806LoSr0FXABSuCcg3VBbODEAoeypkxObHto5dIrj0ujGkBLryD6NBcM5tWffiGwFSsEX7A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3516,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"1bfc561aba312a63ca7656c33741190d","sha1":"dbc47297127d71e94e317cae629cbacfc9933a69","sha256":"41e60aef314afab6d9bff19fcffdbaefb6e09827459005d534b747e62f0b7a8d","sha512":"98514635c841a239530a91da06782d17ee8b17b585a090808930e021586c7533d8a887a01a14a68f539a4b89173f4007d34bd9900c95243a94830285fd3d757d","ssdeep":"","tlshash":"dd716ca29642b0b5da53e94ac028fd80053ea586047bcfc0ac792f2f5583def00a8355","first_seen":"2025-01-04T04:02:55.913221Z","last_seen":"2026-03-14T16:24:30.357252Z","times_seen":4,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://shadowforum.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 13 Dec 2025 20:50:20 GMT\r\netag: \"21678-61a9f8b0-a80d59;;;\"\r\nlast-modified: Fri, 03 Dec 2021 11:00:00 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 136824\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nage: 567440\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cMBlMT%2FmH5sIlwH4EjpcWvnTl3pkEeP%2FMCATZ%2BGQDOQ9GHV9Q9GJLnwIDqAGyVNH5NhFguBq7%2FUl4QgmiGhdy%2FKxnMg7HnBH2RgS4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c52ff90cb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 136824, version 331.-31261","md5":"978b27ec5d8b81d2b15aa28aaaae1fcb","sha1":"76625967fe113a088e0627605b9d1bbfb8a5e47c","sha256":"943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c","sha512":"362016e192f824ea36565d864ff5ff81f0e1b4d27c33fa9a6b78a47631f53b391dfab013c68a68e39f073bf1ee8977eb22dee794a0a3fd44facb2e66029e4c48","ssdeep":"3072:RpymELRQSMyFiGKkDgjSfiI5FCnKXV9e0IT9OCNc:3y4yjKogjy5FBk3T9Op","tlshash":"c7d312cfe26d1716f883176860876305d63a7b26bfadca2280e5d70d1283bc86d9fc54","first_seen":"2023-04-17T19:02:51Z","last_seen":"2026-05-02T09:20:16.353476Z","times_seen":4937,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/4/4566.jpg?1679601578","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/4/4566.jpg?1679601578 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"d69-641cafab-9a7751;;;\"\r\nlast-modified: Thu, 23 Mar 2023 19:59:39 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3433\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3pktyLAJpjWzF38GfKCIm87SAWUtuQflcTqH8o3z6iBDtZtgdm5mFSlCxoTZJT6%2BPzSmmRJONz%2Bute5cZiPHXfpjn%2BXepDb2aX0wzw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e938b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3433,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"8cf286789957e0b7a81bdf4db564df47","sha1":"9e57497872d1d989f35a7172f2817129bf45c5eb","sha256":"77d897d23db44cc9a02fe760ee377e0b40a2bd3806889e6db19da1bf0eb0f9d6","sha512":"49609487812e3674568f420e0b8d15a74380059e7e9191ab71f384856384cca6c1aac3f33c8cc995d7bb0cca651611d67eeabe6e83cf06d9a484de67f3e1f92d","ssdeep":"","tlshash":"d4616d3bd5e49e59dc138d6b0d4d9f57c2272027e52abd200ec4bc25d3f68c425c58a8","first_seen":"2025-01-04T04:02:55.90954Z","last_seen":"2026-03-14T16:24:30.33931Z","times_seen":4,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/xf/preamble.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/xf/preamble.min.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"cc0-61a9f8ae-a80c30;br\"\r\nlast-modified: Fri, 03 Dec 2021 10:59:58 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 1466\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ya4daiAZHEGdwbVLODjlGmUdi1aZtZ3VIlK8hqwTHLI5hYXpKxxOnB0bIdmK9o74FIi2%2FyKdPq%2FVxe%2FktW89xFWofF6ty5%2BNgdPSmQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c533b968b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3264,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (520)","md5":"387f790df3b04817b3b499539218a32f","sha1":"8c5023f702a511271e35b31fe82253edf119ee2b","sha256":"f8f0d5e29e4408e8ecdccee5e73a185566774f71c7f440cc50ad5c647b127ce3","sha512":"639c1fa2313e72c68b11e97a971fa6faa93886c116e0ccb41151da5ef92b01ba9f9390b41b58119de0bc5a6ca53ea6537cbf7ec92d628a38c0ecd8fb6baa7381","ssdeep":"","tlshash":"1261d8ac3387773661eb3e75925f720b20235050679808509e22caf8fea0de604db8fd","first_seen":"2023-03-07T01:06:52Z","last_seen":"2026-05-01T16:40:47.419259Z","times_seen":624,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=b28d96a6ba8ce1cee94e59ee7a765490f9d17cd4","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=b28d96a6ba8ce1cee94e59ee7a765490f9d17cd4 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-frame-options: SAMEORIGIN\r\nexpires: Sun, 13 Dec 2026 10:27:40 GMT\r\nlast-modified: Wed, 05 Jun 2024 16:07:53 GMT\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 84658\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j4qRL93f8nkOZG5iBbSpagpmtDnJGIN4gUhDeo%2FzVbX5UD5kYwlF4D2LZbtq%2BhSkHyiwoSjeWU02qgYwNIJojOLrt96Gks8l8SHL%2Fw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c52ff90eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":406661,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (63233)","md5":"7d6e76dadec911ee605f41448311130c","sha1":"aef2e67750c4c15515cdefa4d66b6e3c2fe8d74b","sha256":"b904ad152e9239c34a6f1215af4d6ccd76da5c51194412608ad1c8e8d0560746","sha512":"4a770ec325c19d3d79a7417d1f32db223613f80871aaf8fa327ff19c2908c650975a5ae35e6834a5f580238191fd5d82b3b431cacf74cb85038d273d1010dc1a","ssdeep":"3072:PbqMAXH21E1IZ3/g2ln++1gESRVRlkQ/p1UbvrdcKOw4zpN5G:Pb551EQ3IOn+9RVRlkQ/p1Ubvrdf4T5G","tlshash":"818461b0a11e01c93337c51fab41f23aa5b5f739d1511e8af08b8c9d0edaad911c9b9d","first_seen":"2025-01-04T04:02:55.874255Z","last_seen":"2026-03-14T16:24:30.324453Z","times_seen":4,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/nodeicons/proxy.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/nodeicons/proxy.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"ca38-65237bd0-9e4ab5;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:04:32 GMT\r\ncontent-type: image/png\r\ncontent-length: 51768\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6jbFspaxoAOXEdnaydije7%2BCnf3AYFlSTbVVZ7%2BrkliklKQKB2ckvLopeuaTyJYQj2cMQmK8p%2F0EEucJTkQMkcqy4OlNrhHwYstUxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324922b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51768,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 357, 8-bit/color RGBA, non-interlaced","md5":"38c0ee5c986e64ebf37628bf62a86a44","sha1":"aedf5984b50cc4c52ec93f7d6a197efac42b27ab","sha256":"97a981fa89c76f7daa2f2bf4c0ae64b72b7970efcf293922614fed6af9f68f76","sha512":"303c7513888d20bbba7e8f5653debec65d34fa32b2cc16dc416a6f24b6b678f10c611693df0e06d4b818f2e2cb182d9453e30726b278de53a01c73d51a20106f","ssdeep":"1536:pmLDUtkjTnbgYw7QpARy7AQ5Jkttl+8FMjeoJtD:pmLDUtgbnYrmV8tm8VoD","tlshash":"583302fa14d6c26aebf0044de40aabed14aec27df54ed67542f94be7b8060b3e410349","first_seen":"2025-01-04T04:02:55.894335Z","last_seen":"2026-03-14T16:24:30.346242Z","times_seen":4,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 50216\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 10 Dec 2025 21:35:41 GMT\r\nexpires: Thu, 10 Dec 2026 21:35:41 GMT\r\ncache-control: public, max-age=31536000\r\nage: 219119\r\nlast-modified: Mon, 15 Sep 2025 16:31:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50216,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50216, version 1.0","md5":"b577bb8d8c25082a9a50522f5ec995e5","sha1":"b3e5bd7b3c40d97eeefad7837daa986857596070","sha256":"186836b74ceac07b2764c07c0379420e3014efb30fe918461c235e0ef6cbc4a2","sha512":"54d26a07921bc6ea7c90b3d810c3e1e965e6dbc227b002cc385c07d2f3878ec42c7580663b8663638d7cad3ff50a8402dd64673aec5452d26d30760fb5c871c9","ssdeep":"1536:fTniLxNYt7dypMNb88NcWU5a91c+D+ZXA:Ti1NYtRyp2g8iW4atkXA","tlshash":"4a33f10bc7bbaa5ec58c1bb5cd55d311a980b0f1c028bf2724230b8537a899c62b65f9","first_seen":"2025-09-17T00:16:45.72892Z","last_seen":"2026-05-02T10:31:03.038427Z","times_seen":40142,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":126,"dns":1,"connect":8,"send":0,"wait":9,"receive":5,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/vendor/vendor-compiled.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/vendor/vendor-compiled.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"aab8-61a9f8ae-a60eb1;br\"\r\nlast-modified: Fri, 03 Dec 2021 10:59:58 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 12287\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e2THVakTpBlYNwiQsix18bTgW6g1ye8kidSHqaVwN5%2F8G%2BumS1F3UlvY1QcR2Lzvr8C5ytGJ31JXKic6HpUMZBifBRQxKeDQSbC8pA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c533a966b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43704,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (15906)","md5":"d2eb06a066c2b5c9afcf5e8a0b2e06cb","sha1":"acb83165d05afb464ad1953bfe253ff70f814add","sha256":"3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e","sha512":"4dbbaf1d76aca7098ff7c529df411cd8393eaf0530f09749b4b98e5378b1a64f3048f03eb4254501b907b945f5164f5fea780e9e8b866d97f05b325d916e3bf9","ssdeep":"768:KH8r8GESU7AjBaBY1URnAyqjpblwzgoZiGvF/HHuMWj:PrxE77Ps6niRGvF/lWj","tlshash":"4b13fb2d734131a66357e5b9670f0a0ae13761e99b0bc4a0913ccdd02fb857909e7f5e","first_seen":"2023-03-07T01:06:52Z","last_seen":"2026-05-02T09:20:16.371191Z","times_seen":4004,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/22.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/22.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"7d6f-65237ac3-9e4a7d;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:00:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 32111\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hFHjPTMiq6F8Tbj7lJDVYxe2H5PNDlNa4xwkE4N6BTc0R8iVTuHn8OmQwfkn%2BZl9w8jx%2FWnu74MR2LMdYPCFHGIKAOMhW7NMqF3iUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c531e918b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 354 x 352, 8-bit/color RGBA, non-interlaced","md5":"d723692321738c7013ad6cf33f576279","sha1":"e77eb40ffb65a61bc2dcec1b3a06a0b981ffc3a9","sha256":"f681ffb90719d4ab47640a799c9011626b38da3f366f0e1a385b011fea25f21a","sha512":"94438aa9c129f057983816eea2cf2f124b2ec0a6636c81e3236aecf1614d3ecb5becee9aeb79ec31dcaf39c5f1087be1305fab677c3112c01f224dec8e110a3b","ssdeep":"768:jPS+hCP/UmFm1a2wJ0Ytg1n2Ac0LWD1YbhTfUO:jPZ0vFmrwJdu7GebWO","tlshash":"cee2e1f334706a402b34459bcaedf42aba7f157507482aa2b083a655bcfb112495c6fb","first_seen":"2025-01-04T04:02:55.924434Z","last_seen":"2026-03-14T16:24:30.316042Z","times_seen":4,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/xf/core-compiled.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/xf/core-compiled.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"33b35-61a9f8ae-a80c77;br\"\r\nlast-modified: Fri, 03 Dec 2021 10:59:58 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 56612\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YG5KrXaujtFwpRRIz%2FocBWzSTmyuoq6MDNIn6emMLvNCpa0nx3lWZedjjdUO1khX8zlxvZAsvXVuz3K9AhDiRYGaXOJLYoVnJm3GCQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c5339955b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":211765,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (603)","md5":"a426b7982467ba27a4cd60caf07ba6a2","sha1":"183a6ff1430c129130b2a2cfb3d8274c4ff6654c","sha256":"9f12e9613ffc81683459a7891f3d764bbc642c1c1f24968838a9c7a81750cae1","sha512":"1b4b0f1a13257f6ae1c6b8d2378ab37e178088a74ff3c40f8e49f87c24f0188f0c9f7ecf06159842bd5c81adbdae5a1f2dff5ba49c9dd6dad8339ed1bf1da904","ssdeep":"3072:wlieArzw8tw8EdNJ4MUK8ARo6ngUbHZqheV95XRAdCDPJb:SAS8EdDnul6ngUTVHudAPJb","tlshash":"ca242a4bb6513aa383eb20b4502f3205613699b7b98684ac7435dfd28d78e0d6177f3d","first_seen":"2023-03-07T12:28:02Z","last_seen":"2026-05-01T16:40:47.421029Z","times_seen":162,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 22 Oct 2025 06:18:58 GMT","end":"Tue, 20 Jan 2026 07:18:54 GMT"},"fingerprint":{"sha1":"C7:F8:82:22:3E:BC:9D:F4:7B:0A:EF:A0:EE:C2:C2:D1:34:7E:55:1D","sha256":"EA:85:37:F0:6A:CB:4D:61:4B:3D:2C:58:4B:FF:E5:CE:3C:33:94:71:D8:11:77:5A:C1:99:2F:94:1F:D2:FD:F1"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9ad4c5302da82efa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-05-02T10:29:12.228215Z","times_seen":334490,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":12,"dns":1,"connect":2,"send":0,"wait":12,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/1.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/1.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"34ed-65237abd-9e4a76;;;\"\r\nlast-modified: Mon, 09 Oct 2023 03:59:57 GMT\r\ncontent-type: image/png\r\ncontent-length: 13549\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V3lzm7csESCp0W4sfKMDWbFTPF8TTcopP2USemPakyxjO4jsqIh0Bv9oNxOnyTsOvdxtU6jpQt%2BKRQL4q39uTqcxqSXA%2BynkVAbYWw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c531e917b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13549,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 354 x 352, 8-bit/color RGBA, non-interlaced","md5":"f6c851cfedaa74a4b0dc73d53c843471","sha1":"7ecee8184eaca101cf8c5da19527cc53d143c71e","sha256":"a4ace259a1e804925e69588147df9a770a3fd87b1adbabfb492481a92f7cce6f","sha512":"f5511339d3d2733e6878aebcd1b39d1e155f7db671d402305d5bed53e5d3be2d35213acba2c3c8eb231a909358b423478b9c6050ecc7ad43c0e76eb1226d7492","ssdeep":"384:fjDeYYipG1NQdMQagj1o19NoaamxAiI7K1aO6:lIm1agjW9lam27PO6","tlshash":"6452cf56f523720cff5b751080c504ae2863707b0f5c752b225c9a7686eaa2b916c9ff","first_seen":"2025-01-04T04:02:55.876138Z","last_seen":"2026-03-14T16:24:30.349922Z","times_seen":4,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/tttt.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/tttt.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"81b0-65237ffa-9e4a6e;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:22:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 33200\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9%2FrwVsms1rP%2BJfMjpUJ669phb9FtGnwuIkVjOHW8zZ37bEKWOddtzrBnikZmeJV8lOFTQ89Ulzt7xEHCgsaW9ecAT5QNhTlAVryapQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33200,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 194 x 412, 8-bit/color RGBA, non-interlaced","md5":"1e4bbfc85aad2f196ef8df0e40da1f12","sha1":"1bed03773110da161796814c8e561dc9e1a5bfd3","sha256":"21af2655a58599a65b2e44393b5cd825ed7b877863b1b1e1c01250819c867104","sha512":"954b9796d77f72e87cfb1a9c1e3716df83d5fa11f8c6c4aa91e2a7d23bb961dace23b82ec922ba36dbc4c5203718187d704b5cdf1e36f43161f4bfa7fef1e01a","ssdeep":"768:TTEa+nXwACqHdD478wGSEVDaFWbhxv7iJlDy6tK2yu:gXTHdSXGVlwq8DDByu","tlshash":"7ae2e15bfc294f4a40985b66a4bb7990f1ca2941f43d0583c03b09a1db49795fcedb36","first_seen":"2025-01-04T04:02:55.90079Z","last_seen":"2026-03-14T16:24:30.334731Z","times_seen":4,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/metadata_logo2.jpg","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/metadata_logo2.jpg HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"2a17-629a25a2-9e4a7c;;;\"\r\nlast-modified: Fri, 03 Jun 2022 15:15:46 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10775\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LEkAloH3LoAtSqd1KzDofH60TBiVNK7kvGHG22b%2FNH3elUg3SWJeFdDCHRH1RaH%2BkvdMJEEH0RTpis%2ByhHjxVMRZR6lEDwm%2F%2BRIvLg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c534f96fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10775,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 118x118, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 192x180, components 3","md5":"5e4bb9c05a2495566984a8a4f3a3d02a","sha1":"9b2174c608bb302c9f5212058d8d266e42f9424b","sha256":"7879d01c17de5e445b25c0dbdd3205d402d60f1b9c8d40b469940375cdfa6299","sha512":"34ec5029734f1c6480426bbbac6e17f78281f608dc270dd09319a3fc1130be155ea1fe24d2fb31294524ef23b2375f506d8353fe621ca42489c0359addd3faf1","ssdeep":"192:oLAsBHmNxMTymA2u++984qJaM4tpwV+3zJWoeJqRd7N8wWl6VfdvaBQfGwiHX:oLVBGLBDv84qgM4tqk3dWop7NBPdssGH","tlshash":"8f22bfcf4698f6dff10c99f094a4519feb238ab1ab71a1366f7cc5464f049e07966304","first_seen":"2025-01-04T04:02:55.918663Z","last_seen":"2026-03-14T16:24:30.347187Z","times_seen":4,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:41.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ; ads=1; cf_clearance=.RQPLMRygdSf0S7wyMIhMstcHLdQsYfRhxdAUwsW4QQ-1765621661-1.2.1.1-geeefwZh_I0OcXWI6FXYLGSlq6TmhRjqZoG7CfnY.h8LoCIb3IPRLAsavwJ7erA5pY4qqMavXSZoCx_nHVq1zuhjatrUf9LrftAhHm70yBVP028.qKVN3ThqQ7ER9dEjnUlx7HkqQvR4WsQJOApwL59hVBuC1l4EANfPEc.Rw8fSXmhFosus6Y4s0gUBFC8aay.mzSA0LcFjSEW_j_egspthMl2VkggwEi9Gd6tkcKI\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\npriority: u=3,i=?0\r\ncf-ray: 9ad4c536497db517-OSL\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eKtAA0y8n809aHIEDcZUe9sp9l%2F4egBMoZv1Ws9AqmSezyd0t9EF0PgFZX11xuHgqUpUs59slzoRLFBiTsAcw25W%2BjJ19hVSJJwhcH2K7Z%2BvuWztCQnQPLqkoKtvO8zvEA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1265\u0026min_rtt=486\u0026rtt_var=451\u0026sent=2549\u0026recv=202\u0026lost=0\u0026retrans=0\u0026sent_bytes=2828905\u0026recv_bytes=42635\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=1180\u0026inflight_dur=293\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10315,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-13T10:27:39.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:39 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nlast-modified: Sat, 13 Dec 2025 10:27:39 GMT\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: private, no-cache, max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y5Kq%2BcyLFKJhUGpcSA4U3OWfEwI%2F2h%2BtiITXlE9bu3NOimoNS7EGepNywdnF5%2B10DLGdW7u9cUOjMWzfz5YXTxCCfNon9%2BkGkygi632u\"}]}\r\nvary: Accept-Encoding\r\nset-cookie: xf_csrf=Vxo20a4b3RO-LBfJ; path=/; secure\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=5,cfOrigin;dur=231\r\ncontent-encoding: br\r\ncf-ray: 9ad4c52d6811b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"XenForo","description":"XenForo is a PHP-based forum hosting program for communities that is designed to be deployed on a remote web server.","website":"https://xenforo.com","common_platform_enumeration":"","icon":"XenForo.png","categories":["Message boards"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":139217,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9485)","md5":"ad791ba398bace25d972e94fe0f8a2d3","sha1":"7891de4248c72bbae672b0ae554aab865f4e4559","sha256":"57f709287d34b3dbc67084f076275a64297fefba717878c23dec5b74b720748f","sha512":"eae34e5bc7b8e72930cd2e97f8aef14a77646d762bc3ee386465c4e3cf86d9677a1cc58d8779fed6f390c40eda617a923baf81355f269eb50f8227a8c6a020cb","ssdeep":"1536:eP/wrRNnrW7Vy5Gt3Kb6To3tWGOU8kSBFVAM6x/3:VyoWKb6TosjYSBvd03","tlshash":"95d39561a28ddcb7002713e798117a5930bfae71d6a610e5f2b34e7e8ec6c51bb4e053","first_seen":"2025-12-13T10:28:10.366753Z","last_seen":"2025-12-13T10:28:10.366753Z","times_seen":1,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":24,"dns":6,"connect":1,"send":0,"wait":242,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/xw.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/xw.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"e07c-65237f39-9e4a73;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:19:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 57468\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ljoc5H8jobkhhXDN3nxrrgP4HP5HsTg3yC0LGvZK1hoXEcRKuuDNgIDZIG0FaFZ8ffef6u%2FDnpfQokw0yVQ%2BRV3giRENecJ%2BlloYpA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492ab517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57468,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 372 x 396, 8-bit/color RGBA, non-interlaced","md5":"daace371619c3b8bd5238cc0e6526cc2","sha1":"856f91597aeae5bd39b8e1d3d780f159ed9a74df","sha256":"fbabfe1817ef2f9db38a156c696ef53efb446c78a374babe8e280d94544d9e64","sha512":"76bd29064622a8dae0fa56fd063ea5c1ca3f5ae8797e19acad582e78a259ead3b8ec46596576e60c678abb61f0b54f610bd97737e20d1b9dc346046766b9b131","ssdeep":"1536:f8IDTVRPJSBjpSC96zVn9LKpSKMRzUBKiUv2E:fHDTqj03NVKpzEzmAv2E","tlshash":"cb430205f254d8dedcb017e5a5609d908aa0bba17f6ab0bef181d3c171a9137bf243c8","first_seen":"2025-01-04T04:02:55.896669Z","last_seen":"2026-03-14T16:24:30.301209Z","times_seen":4,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/tool.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/tool.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"72fa-65270fd0-9e4a86;;;\"\r\nlast-modified: Wed, 11 Oct 2023 21:12:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 29434\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TgLz1V%2BOdY3PZlRrya5oDCbGDna76MXm%2BFDC2FL4HSRC34oNVVNoOdTP7WHdVrxg%2FBDGUSGl6kEQS%2B09axb5FsjBtMBwfq9V%2BmSM6Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324925b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29434,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 246 x 298, 8-bit/color RGBA, non-interlaced","md5":"6b58853df0b9942c80c7200173ecbd27","sha1":"115f9dea8578f3e16c814f2d76458665fd7d47a0","sha256":"10bd0fddc3cd855bb1da1a925a49d58aa94db0acbae598464c22d8b94dd577cb","sha512":"455161d61a58c9fcc4511d12383d4ac26253d82b8ab4163fc4ffa7af3f511d551a144a7bc68841d2925b8d11eb07497dd476685010c20d6f0a15fcef97f796ff","ssdeep":"768:IE/QV46glnyKrTGevOb3/pyQizqAUpat1/Nig0uDhHd:IeQVtGyKrHmr7idUpm/0O","tlshash":"afd2f1b237093bc678dffc56432d52a35e30069aaf22410eed58525d8d8743bca177b1","first_seen":"2025-01-04T04:02:55.902923Z","last_seen":"2026-03-14T16:24:30.33844Z","times_seen":4,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/vendor/jquery/jquery-3.5.1.min.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 17 Dec 2025 20:16:19 GMT\r\netag: \"15d84-61a9f8ae-a80b60;br\"\r\nlast-modified: Fri, 03 Dec 2021 10:59:58 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 30121\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nage: 223880\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nWDhSi7KSMsGug8fGEm5YPS2lqaHdizgwn%2FCYW%2FAatVmwV9aTiepZpHQR9CUC%2FpUvyimS7YnJpuNu0dGy%2BxlNVI8ZKhKUXSk7VbfkQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c533b969b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-05-02T10:12:11.268774Z","times_seen":231077,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/1-rules.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/1-rules.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"b51-64369edc-9e4a89;;;\"\r\nlast-modified: Wed, 12 Apr 2023 12:06:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 2897\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ImUYhifCea96uiO2LGMONv8RYxqhiZRWJ%2BWqtLpyVvbJ2FWcQEgFo%2BpKNQZM1H9Q2uNN77PYAjIbQ%2FauK%2BoopJteDo83vd9Q4AD6Ww%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532191bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2897,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 45 x 50, 8-bit/color RGBA, non-interlaced","md5":"fbd9abc93627a200dbb10fb6fef928bb","sha1":"fc52d65505019fc8511a68a9baff9c512c2b7ca1","sha256":"54d963e950cc16b5edabff8bc67d3f7c09ba3b38b0c4e113c083652b861593dd","sha512":"10ea922ec4197ddf6b6643cdb73edb9c81db077f116d514d4960cf6da6ad56ae023190457e33ef37582bf6536f817f2de29a298d18e59018b4ec952f9587d71a","ssdeep":"","tlshash":"20514b9336da5df9d813993cf8d9e66035faa8ae4620910aa1df45079d747a060bb203","first_seen":"2025-01-04T04:02:55.879369Z","last_seen":"2026-03-14T16:24:30.352873Z","times_seen":4,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/skim.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/skim.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"65a5-65270fdb-9e4aae;;;\"\r\nlast-modified: Wed, 11 Oct 2023 21:12:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 26021\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D9hzZEcTNIgl5n7FPoCx7m4ZbunlMGL%2BYXzmUQ%2BhOMZUvWki0qYs55SE5f80O4M8fEGwyeqMcEeT5Wa%2BrB4o1kYlDnyTAq5QNxHeJQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324928b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 214 x 184, 8-bit/color RGBA, non-interlaced","md5":"e4ba309914eb7fd256b035a74449560c","sha1":"d7ff868910ded88c382582c37cdd865acfea4e8c","sha256":"b85b7d45f468f141ab1b0c4bad61e73a7fcdc8bc5e0babe02ce4ce5c5697628e","sha512":"795c96e3da66961cbae430f1be0fde467e5fca1af3a57a7930b8c862804fbead7efb33c78c7e26966722870268884b3c474f36802d071dec8eb7ca547a50aeb7","ssdeep":"768:qoa0RuRp0H42bNuzu2UApoYJ55sRD7jW2DSaZS:qV+0mNuZv5uVNDDS","tlshash":"0bc2d0f6d05e8bd9e00512d3ea48005e6e3ae96b24487d9e271404bf481bf0956e33ae","first_seen":"2025-01-04T04:02:55.892547Z","last_seen":"2026-03-14T16:24:30.353817Z","times_seen":4,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/image35.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/image35.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"ccc-629c2a96-9e4aa3;;;\"\r\nlast-modified: Sun, 05 Jun 2022 04:01:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 3276\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hjpwT92b7kQwBY3r%2Fh4snK9sJkSq43d3jJ3H%2FAlLZGXkT18YSckdV3OR4mRU9B0pXdOMjf%2B53L%2FZkoOeBx1cgZ8hrRIuP2AwZtXyVQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3276,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"187867ff3c157bd43932f9801c944332","sha1":"0275e29c85719868cc41aad8ec07ed97941bac30","sha256":"0a287b673b57ee70b8aa06b859c189a10f60768e3d73d2bd1868a205ad6802a2","sha512":"a620e3b7417a4ad6589c39d92719d354b5286fb0e71756bb87938534eccfa66a97727dd2ee76c87ad08173bf7899e781bd64e9074f3e7bd31562adc933820128","ssdeep":"","tlshash":"d3614b9aca30b07e7acb1c90477c6a49bfe6e2263131b43e6368724454ac9e52599dc3","first_seen":"2025-01-04T04:02:55.891639Z","last_seen":"2026-03-14T16:24:30.318187Z","times_seen":4,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 11 Dec 2025 09:55:49 GMT\r\nexpires: Fri, 11 Dec 2026 09:55:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 174711\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-05-02T10:31:03.02754Z","times_seen":233622,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":156,"dns":1,"connect":20,"send":0,"wait":10,"receive":8,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/h/g/jsd/oneshot/5eaf848a0845/0.7690541367904427:1765618042:EnQQiB7ZE7ZltacfilqUVmgzuRja6aOmhpcgTeu3uts/9ad4c52d6811b1b8","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:41.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/oneshot/5eaf848a0845/0.7690541367904427:1765618042:EnQQiB7ZE7ZltacfilqUVmgzuRja6aOmhpcgTeu3uts/9ad4c52d6811b1b8 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12154\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ; ads=1; cf_clearance=.RQPLMRygdSf0S7wyMIhMstcHLdQsYfRhxdAUwsW4QQ-1765621661-1.2.1.1-geeefwZh_I0OcXWI6FXYLGSlq6TmhRjqZoG7CfnY.h8LoCIb3IPRLAsavwJ7erA5pY4qqMavXSZoCx_nHVq1zuhjatrUf9LrftAhHm70yBVP028.qKVN3ThqQ7ER9dEjnUlx7HkqQvR4WsQJOApwL59hVBuC1l4EANfPEc.Rw8fSXmhFosus6Y4s0gUBFC8aay.mzSA0LcFjSEW_j_egspthMl2VkggwEi9Gd6tkcKI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12154,"data":"-iDrOgVSWMEYVYVclbx3TWSb3qb6barqBKrWub5rjZWtZCBtQbXr-ZrRCb$b99bu39Sb7UWx$phKWltThKbxkkbbZ1b6pUgxbS4EBnD6CwZ0WbXcB4XFUISDbLqXw2iD$DKu-W9GOrb3FgTv5GUVBj0B5JdbjOdIbpKETDOgUgLq1xLa-bVC5jr4jOPZbakQ$Ak4-A4XW4KTSbayPbWIbTTMpbuJ3QxhKLN3$UxHWDzN14nmSba9TbbIFxPe7tAuxbE1uFXOhX2UbVkQEMWqKbavS3EkK$5qb-nB2qG2t$7aSbWJTMuBPAp9oeytOrBbV5GbgVh3MbbZ51pWgb-VnJVvoVbE9grVmXq8bbg1jFR4dD58bakv7gYAYKQocYJcgavJgI3o$0Wxl0KpEghWIlSSW8NrWbDOaZ1AJ1bDpLzLdFML$bVLjL9$d-OQEP7oDF2OBNG5bsqVTbbM4Wm3I24Z2qqCvbaryMOdZQacMR2Po4-ygQtd-LaDdRyQmM74DbZgaYyCKhZES3OgVqV3r+Ti90XlsK6NvpEKAPHZeiWeMcxWipqHbOAYjhpK7vRk3YK6$8PwpwUFcpKb$Lv837hNyP+nh1jkC-lNqS4qg9Yx0bcQgkcHaTTSq5q9cVhCFC2KaTKXpPr$EiQdA6B2lLRVGKmFNlEIMAqcuUXGwBWtIb2saMcXmIr$ra1jx$uh8yhvR+r3ALZ9PWTLh3eBsg$nHVQhe3y-MFU1xhAH3QvaiUhvi3yEWEhmelu4iPK8VwbbH05D8UCUH0kDK1UY7DlBPWr0Q20KZbxbiprtstPEXrlRrWTZBgcs1g61ySHrwPDa5rukF8ILKNueErEVYA17T3j1rrxaqHgkqUAESDKEKVaiETSaqeWqMSbTkqDZEpWDK8WqCuii$iGVrudDgreSvPRTb1UKhK1087aF8VubepzWDHr+L7TGQsW0xvWDSgXubvrVAv2dH-BS0SPKF8-VaQTo7KqJT9d$W0qD2E-WDEJypBekgWoaTpEiKndOrjkpu-rviM9lLBPKoWiOW9VBZL8Ga5W1opWonTuEBcvFWoF4FJasJX3k4uWKgF0kLUS0AqdPo6qUS85X7O2+-K0CJ$CsdmSvaW66obW$obFcbN5wVWMPWOrBWC$i6WVSUpwiLEv$U+EgjRPM1jrwPpESaYxJM$u8WCaWF8VTdHUqvp2w+PpB$kHoeWkDKZWrtdHjR$KRCo5UReCEmZEaqpDrWJpYcquOkPTniRpyDL8V2DDkYgE5TYxPNtERs0ZjpDIG8rsaTMrDkEnyaYK5TyUZV6$k68rDKtU83MSrU0Ddg3lClUxGDZD5Kgtnl71LriBWpJ8ksZb8oXiXPyUKrTublULXX$VTQK2r3vUF8irmF019mBbLwb5ctX1F8+J11L4DHDVSoidbiaN8VMDDpSI4rDQ3a11d3bmGSyi2$zEmG4VV$j$V+GULg3qIv+9BDWO4qzhHNCz7PTCzDNYJDkNk$q7XPmnl+CRoDVCYS7+HBATz1$Ak0R-AWPj2AF8Pi8pFGR+ZEAd+sbiZ7EAbb5AAKUE7Vrsrj3sFOI6RlUQtt$KSEMB$WJ0boVDV673E+QrUVnEvq7dbjYOUSdORxbogUcZEXkQ5bOg6bb3yUqKXamWXqCbvPrtYSWk-DWU$8F8TqNTphJSM88VWXK7Q7utTXeZkP16j3UK8vTCqk0rL$i0W3WkTDKkKCEzgR-qqNAKjCrNN8tYZEUGVTh2bYNS6lN5pqYcGWD5d+dvhtMS69-xd8gqOwI7Psd991pREYMk3ZnKHEnoU$WTq1TSE8MgGg$$ST1pqMhyJLlTpYgXbCqU-LWTKbBMw3KKQdE$gMM-Lv$gXYviKeTJqsLdK5V4EbszEcBT1gQaUsyqkobhhkVI5WqxRS1gFqgXqYbeb+QivIxqgLnKIKnGTtQKrCrteRuP$pLrKryPnKN8N$w$Vmrxb3qeEh9C1Qa5PQvAbc5ZBwDcSCHrXd-xLMcluXxE52CrV8bn$qobq5XbngDEigoTh9Db-DgqCaasLk1iQ8K3kk2UdoXVodS0BTBlSpCxsnSmLiD5wWgVJxGsLX8XK1tD7KIr8QYgGJ374u$FrR6qv7xM+KML26KxhYDTRQbm10vhXkmDz4c8ig9MTrbJhY1hH-T1p-wTZj9+k5H+D6PWtBE4hiFJI3QEBCp0NMoFXz7J-qm0u1Q9aqCcq3PChBJSCnWL$rvqDqIXqN0naJO7KmX39SyElthSHKUcriHjPcGwwryXhJ5VaGmEPz477rYezystb4AglytquiLA05ZHOnTZSMKPM1Sy03wYb4Y8uW15OMYuIwSWurQgDWKS8ERJhw0rlJBMr8VY$MSS-8h9eQqaSDGByORkg9O5aX1c9ck7Y1PZXxOb597yP8hNBWL010Mq1UUKm6UJbdbVIZ141UEWunSU7$HMioJjsTD$9n5uaxJ3p+uJhwrnur99Wl5zwpvU9$TZ7gd8TnXzOyKjxv-o9$pFWSY15k8iYhHpRUxdM5Epq1PMIy$b-ncpb$uEc6Y5VHyUblgaF8pWCbgeSxd8booSYZxbKiskT7V1iJUHUz4-2iZ5hJqJOTneM6y14k-z4TCbqkU6NMsTbS5qD$u8dFKgX7eHw7Jc8OIH1mwBbKQsznia8V$GDS-axjLxsXN$qBy8+1O5+nQJI14$3M5tV$k79YvneKebXdilGPQc7zPqWWut2BThIp3TFCkQykLc2MXP9FHUn9QaMWqRdebvOZkD7WCDu85Sh-$uF-2jBE70QVqj3J$US0n3GnxVPo18U$Z5NLYnt8DGvGiEFCD53S3l0YOcABD4DV6c9VZECLB3cWNJJXcdLiaus2vYjYAZJJpg8B$ZLQmP6qH3Tq$OvmUC8xslWTU-eLxxkjv4c9es$4VIHm0NlED-YU8bYqvw6siHrz03sPiY8UI85jc6wJCjZsWqp2DRzWd7HHq2cZ9JPuq6q8EY2MO1q0ZM6zpbpcbjRIrK8MaULAkByCOxMvwmK3BAxaJlS8o7FLaThCZH5BLFKeI1ZgExzDGQ2y0-7xWTdBa-$1rCZYay4ORHhDXaUsC2Q93pEv7UvmDQDhYdTr8WmSJoYFjO376I+Qr4uJyj4gzWx0U8bFj3r0t0GNvnEPySSC8FOzC1dqP9M9MYg38hqKBk5Ao7crZPk8iQgwcx$kZDLkHNi3D0SMm7CQx8hE2YAKL10F8iYwWWgpaOsOtZ0oPJveGzUQztQqOOCbRGLbPSqrvPXpdALW-Do1KUcETCLz7NSK4clVyNQC2LQ2SPPFxaSg6VrD8tFsDQCu2o3oOnHDLJ2iqAuDje$7kk4nOxhbvKkErcoaXKvwZLUTd2do0gw2X4r5j9Hq7UBqELxupVJ7WEFgmaJnrmXrVKjwDXD5G-GO8EiJ76e-+83-D6dgL4H9RKg43jhTZxWG4-PbdrhkVv58Bg4eQIR-ORVvKj1YVndxQS1-89Zw7piYZSNFi9OO8gZp3CbUUTECEb0WZFT4hU7a3XV96B42WjE13Z6qaaDo3Y0b7+RcKEZX6mpqhC15pEEm5awtPyEPUaZ04+hyVjb2BJp2KRLbPrumRK8nEMbYBVhLRM1D0ghT1MDkVDQWOnRnT$R4WqVxU8blEbr8HY4ai31UhTVIEMUFKYaEhT3Z31sSsg4bu-ikaKsT7wDEZ0i3q-EOP0b75J73qz5s1QRLZCdUryiTPWprR5OlKxd8B70a1YTu88HrgmPSEdpc7eHCUGR1BENyNhKaOKRTNjQRPMUU8gBp4FR9P0Rnitss3VBUu+Ouuqa4wqETuKrwZBL5g8s5RViJsj7pau1v5LECwSEiEmqNDdqhZiZ-rtats-hlqrWMOggwLrZgQCg9sIBxutpOgjWkZ5pYLtQjbO7EuA4hRn4ndSbjRyR81zB6LMQ4pnDrh0V0HuZpiaTr8Mb56CwQZVR5LT8kNeaEhXbwEkB1aQ3vVL6-Rvp4NciOq-bB6bx17FNadSDxEGihp5UPBF3r8c4m6c34WRW5P+PUaERQTFRMxADYDrry6cZpN7b1bAajB3EAs07JTCbtslTFpm6FipRM4HWMWTVZ4j6Fi3NM5JKCdHq312DK8HqBDaRO4S943BDN4tEBwbsK0L1SR9KIeIxqECVsdjaSRr8Bstbgg+OMPX3WEMPYLYU-6WeJ57swEAbWwFZx7I8LwSWMVjW-DvP+OSQN0hTiuyraNW7rZNRSVNRvKEZg1r9Yx5DgrFb+iKgFHYON0QpiEbRRVm5WWMLsb43FxCWXaBRkV$Z+bXUC4aiBOMP2WkW362qE5nCC906VxEsADLeT9r6yWSWvW79e6Y1WsSeOQ9Uq6AW8KH3jEH3+b8RMd+pl9rV7dwWGw-9ONcq0O0iqxWpExn58HwhSEdHvhXVDDK8OZ8eOO8WCBGigKyCdNUeKe7bzb7T85GxrQS6huP75uNLJ7ZRyiL9-HC3IO2OzbE3DhgW-9WC+eDqK0muxCD8-73b1CCOAEiVzi5NaVUakaZ6AxLaQH+i+9CgYVO8v5osAC2B2BCc8KXs$dsOaxbB9CNUJ9rHpxurqd3Vs1ghHpubvTu8hZYDua9uxwG50TOCrkJBrGNq6OP3GwnNvR6uXWTkvbIE3E3xOOk9p4+6ETibXL9OFRKJUqyTWTXswJpV9dWaXKgs3d9d0xi1rbg8kbSU$c+HhNMV2RTc+7aO0uvWpeD9aLHi$ivd0OsBJU4U342pMCSJb9MuhLK0LwI7Hq96X5Lx0DCuOO5ec6+1U8xpSEc5QR9KUHyW2V4ERW9HnZih$h2HlVgsyCKB$TRc2T+L5ZyQMi4weQ-c$7xPt5ARlG6L7Wk3iW5iKLPcK0XBrewORE6stur0sU7K5NuuQOcZlGx9H5VQ78i8lWSbv7wbDaLNgUE7mcy1g84VLUZZ5Kmu5O7bkbDG+Z49FQ3dVb0wnQc48eIBLZ+sRiib7ka5NQi9GUAE7V8LdpibyuQ1E3QWJVMEMJdK-GZNFpo75EYcbC-EeRPx8cOLgc4sACBP-9+QLJUuXaUK8WU9LJ94mBn4knQc5s45X7M2Pd6Da1qhXa4KWVX7FcjxsGb0P4msm06H3WKvg10bt35k7Po6g9F5yaaLT8BbPhvkrPVdaDqvWJvxtpokiZD42OXNFpbolpQWtptV552Z-QnRqEHivwtktBOk8anvtsQe32qLAWEPXRECI9eJ9UgN1NPwMJikgNVGOsuB8iH3TV3V49CnmaEi+BgZvWgb0VpEjG7Eq5NkAcu0R32hu8qx9U0UR9bGc67VLskG9qDUYV0uOLHC6OcZEE+hb3qVIaax6RVxEqxb0unRnQodjE0GYOkptdsx4Gu7n1ZhvCkuXqE7XLy4lZ7s7ELQ+heNuqD2giZvgCZ9KJQ3oZ8E8cvbM7Hb3i89gUZGRxjNWOmdQG5kcqv4dcVhywThAR3WThno-Lakv5iwFsqL45weaR9BOUIHL9FB5J9W2pPH3K07lo5E$gtrY9Kxb1D8KskW81JUj53WG48uP6XBdqRq$C+HY4RnzbBu$C9QU9ikI9-7KgnxOZ512oxBg3o7JHZQ6cVx+PJnDw4bXU+cskkMY5TrdvqJ8ir9wWCDF5tkg0LwNLAW7pJwe1AEpPQTji0UsueQJu-4yHya1CC4$ogsRV1hgMR4kWwq-coZpxvWK2S1aTIQhUD9Q5KHAxLBre+q0wyWybAVw6P4aio2Zd1Pr4wbFMwRci+xr0q9r0cZ3hzcTbr1jT-LHs+Qir5O8gh-HvrbV2kTyRTjtVLwMdADca5EHbK3HZtun$2bD8INxo+utD0w-xjaXWm9b$Zvh2qDBO7nkvVCQJinv2vo4PanBE3WRbw6ucYRVCW$KLCq9JEcz62iy12NLH-hyh7C99bRIcrBL4EUEZUBUBRPaZ3N+k2QHa79eCa5EMRVRE3c3xYHQTMWKekkBLCrHGA9ap4wkEs5EV$u0vD4P4uqKOAOua7nTMBe7ES63iON-9QuM4aiyne1PaMp3qcWado9kqkWvq+VQNZDwEWUmUFkQ5lZ$jVCt9Bnx6NgYp2McZtV+6ACIuM8sol5SWRqI2AOon5PAHCJiG2nqN1Z3wX30WPMIr4qWGF6Y4OqL6Z-g-e-wbGM0$E91oWb8vxWlGckm-sOIvO5OTKJ$ceQyvXvCUDYEZXsZNkkUH8g+-J6REKjCE4vdwRxcCuxvkJcYyJorZSzkcnhC$uolkOQdd84oMONWOJiXp3bE3n1avkZEiYoiv3tWoiZPc92A7LcxhybE7PQpD4DgbE-dkvpLp41J9J-QHYUX6R1ra3CM27ika4KjVjbMqWjaVYTnChBRxLn5PaM-VFkxR$cX2VCaaB2gjanMvuCGC-bqZaKP9Y72NosmjoQdQNMIkrRJ9C0TiHPoeV9gJ+vioJyYsJiGu$vlQB3EUCdjnRQeKgbuMxWtvUsqvgVVWhHc3wekEoRlcPRr8-hCiXpMEPBYpCjM52VyG16AbuoNvU0P$7yjWzLVnkCaokzw2ajMWnEyCJzGDmb8WtpK8boXhlVwoVzZh$a8$nJGR3WG-1MZj$dZ$G4I7MQyZd9gHub4bxb+GaBMjZQ7nv$6tRNXjw3YndyO5WoKXav9UE9nvgNIoWbdxCHhK+PdhwPlK6uE6XvI2tcvE2Patwqg0TRlp19RQGLenwyGM+CaeIulcsRoQ7t4Yw7-huEaRDhqEWD-4pVR-Sqv1uec9Aai7M1WjOL3AVUACdC-rZ6-V83YTL$Uk9Rc-Mb5cYqozez1lNUaJaL0$zq$4xot-o$XqLCWQWQL-PjpPqqKluju3dvceg21RNDw3S25tSceRxwCP+bERTW6oy-5WvhthD4QWeeeZa53cw3bYp$EG$gQ$9EuV-ACeqD3x2KHe2B8llyblzWKkiBiRWY6ovSDJT9eCS16G0PpPJh7YE-C08xwb6RulVJd58B0$+OSt$BGY51qdHEYwrYCGL2zWdLBvFoINVGhZwGAelJwl+MA3mQXN7MDqAE7d5VADRKWGg-WJsh-eRES-xdURlKN5uzFaN0JcThqu+jkcxoVWIjFKlMu3gWFiGtLt7sQWGyGoKQnU3Qltm32OUGajxqIthDjVsYimJOFCha9LBo$6tECjDoghCt1gMSSlydq+ulCI2XbLi6xyjVvPJ2wbWkUrnpP5gI9BQo0X5b2GwV3ut6$e+ex$6HmravOliisel7Uh8j7QhqKrwZBiYpK7NKgzSrNTFLx9PX5BMk-r1EnA9JZzsJLbE3XCTww9TbPxMBTRGdT8lEwVVTlT62vABthXz6hlFp9kwDRlHONQ$FkbtamNypT$wM7pw$+VHYdJjbX3mCetIOO1e9oC-CONnzaR-93ZaKKhap--8-N18MVtEP-M0UmLmDOh1kbF9pCqgxXqqnymXInIrEDvmbPytAjilXyLqJEQc-UlAwT1ta0mVhlxDa4s7bckpFp3YvqvLeS7wmrQ8l9PcAOjwboqWuac5Pwo$pCqT9VWL+zbBNaqvAc7GmlMrg6TNqdMEK-qZldGULvVGhiXAD8cqiy1xbL55ZVD6OK$vECRtUSlp0PqCRT8LkBpq$YAKExvWUXXlq8rSRxU9VQ8-rtqcXQ1Y81aikdCPEqiboT77i1s3aASAzHrnbjVwbCLkhVYu95kZwCsSDAMXUnELKXlNvAKVYadg4YRc6EuzErbnbEbzvZbkigZaPKwEor1raRuNK58r77VBeSuDoKgPPW11qrmDjvek08CQbhBj6-1Ds8wDpbUgXTV7aUbq-83wrmZW6u$VrCiWd2bqM9WR5Wbc1LaOKuETLEVEZv1KwK$qOVN18$rkK1Gz49guDLADCKiS-qjBUy5DZ5DWnPsxYUbrW8xH5DACMVPWKuVvDsWe8cPqJEt1pPZzskMDwjKuryKUqjkLKu8QvV4YpbcVrVVqUXwpKmZjDEPVrV88LKr6MvDl8Hm8ULKyXWMk8Pa7Q8BBkZWDux1pv+KLK8VNFWK6kkJ8DrEpgu9yPhqy8mK1i3BV$aaiC8cK9DZv9gu7W+K5CpwYkOLLqrRDbFcd$YbFand2rOUmZ-5WqbKmTS5DJQ$9aw0j5b8RUju$Yr8s3a+VZr1CEWM3Bj5yWyJWeN7W5aTZk56KHKgOgdsKqi5Ovp1L-dzKaKW5YDoqTmV5dAWZ1AO5aCBaW8qrVrXWWHCkMVETdI8UkbW0sWgrbrR5TPM7swjcWyDHZd3sUW0c7qyb6IhMSk5O8R4E855puDib7r5Rr05V2sVerIgVsYdrVcUd0VeCY8CUJ1q6ZSMg-TgaCoCaDYz-rj78BCAMKKmDV3$MBq8b5tjKiliuE7qrBViMXvlZ-VudQ05EKkvGRET02WrdDZdvlvrnBGLC8tBTrsMq74TWB89CMKxbWpaVgL8hZYwV0C4a8-g8nZ0xbGp4a4IbKcPXSVmusVSbPdkDvZOZMkOiVrKSrEg$kL3uZ14SFU01TvMTaJmSb8GkM3Zd57F8C11jpEMMMVqyqxd3RZkZZaLTH9o3bNPY7UVNupgKK219yVuTZg-godUikZsJW2a-ggKTiWUNvgR0BWzZ5lAMlYWp02C1KUUN7CqoUV70sD0qP1JtrI8r-I8luuyMPLCWkbcbyvT5y7umZbr+dbq4ruETwQjV2qUiL$Od2us-11LGUFKsb4m3nVodFiY7u8OOrbrh1cJJ$WY57TLr+rXikKOrEiERVudwjlp0QWCi8EmbhlLOjEVs0QDDM-qbDWZb54l7xLVv$uj30k0OC8bjqeb$QuIEWTKb$dpPN1gPTTpolsS-eC62-gmL1KEVDQy5T7pPYgcC1IKM4vX4RbsrHQGbbAd2LkdSFaKlXtckn755uLqtjNDEUMWji2rSrTJapu-QZYjbnxGpEmbSwc525RVSrKrGFVZk1r0qhq0ZPTriyVbdKPgA1bbVTeKLCPUPYEgm4vthjrL3DNKgLN3qVu5hDWi5OXyPJMPBEeVCsQVNqag6UltqLUFpXCnrIBaWWKs3EUwpHcSGJD1L1Y3Wkta8VZMnE6YZtjkU1LkdFWWbVQd5pnxoMeixyEVRUJjWUVRekT43UikP7nMuudQM$A1SRgaUv4YghbFBJvk9TLEvUrrU1wqPGupaF8xQ4HGIZZEx9qrWkU1B4qBuau2bV3Tvb+CTV50iVnZU1RYTMrl93QulXWVRc75Q6yWArkDWv8m$ephIbKeCOkcJOt9i785KDqqWn$sEcKmqSsJSJWMZWlKtCnM+DXtOCEpgHQ-CVjCpPLWi4ZKaMdM$uWk8C90tCUGwu8wSWuVcrW$qj$T$IqZawb4ZwEgjbVVIVa1UrVkGRbuVwg5r5KJv5ZqhZx8hboUliqkgVKzTm1Wr5MjJGirJgwi9CciEaw3VKCX7$HWcsaol4kJE7MGXx-LJ-xcKPbsM+PD7aquOMSb9CATWjqY83KXDEY83sMukgjb4ZOY8SZiqgHsoe7Oq7rOZMzgc5hZqS2KaiWAZuS1BN5khas-n4FwcD6Uv$57uV5yLcLEYgwLUq0CYKUZlUJ-seLECrbX7EbGnKqUNCzKlvEYBYABqNuo4uBXHOxhs-6xd56gsSeyasEX9owCrcesvg2L$1-wnDTcqt7mrXxK8GMGMnt71atEsX272w6erHMMV5XKB8rscVZbXC07Lbab4wQ7E29Z19VySzl6XbX93oOB52bhPz-E93vW1jRbMg6uzewb8BkKTwqvEADsws7GIvK-Wuo9Mb+B3kP0MePbc3mmdzI4GzOaNebPFBkWyI8A-E9v5iPjxTwVDaEr$wLb6BOVGPJUJTbpIyS9w-u0-U$4FVCIFw77qOiAwxbHkWKhsPcb0Kua79VlKH$LR67g16MG6LDblWsZE7nAqKOb4ZJ7bYWWJctc5D+KMPCTaWYVJQo+dO4XCWF$nuUyLUogs7iMCKOXVkLrO+nQuPqED1XCM58MZg2pQ3jAeWOO50Mbd3sjk8mU0vRW9kSNuQg1UYa0gCUE+-E9Yd0rLrLVkKNScnK1iNgHdGsL1JlPEMIW4dAi1bGmwU9wYOtcbz0NpL+aBgLjjADI8LOr9PTQC3sDuVWwL5jK3d6bQ3VBP573UnUM2WmCdgUB-M-V52WhcYOKB4bSHWL8COIPx9YBG7W6usedYNvZE7dp+dYGBJuZETntl5on5rMGZ8IBpOvQL0xOCaxV7xzkt6xcKl7cV7oMvYYg+WsxZua7KYzckXPB9ySo7G6EuJqqKCwwIQZJ8yeBbpbOC-wPs-O0HDcv9Su8ZI1J5b1NB1SUqArqPcc5ubnrMdCqaFJbOcxZW4PYNTwV7is79bSDLE-E9+PEheg+wDnOeH1Pp1GvwrGiQPPzZUa1Us2WpEaUYiaaWvw8lWTZWqhDK4ZCKjgN-9CNj9ySUl-a00RcKKM3vVnZwzR1VUCicSo9Gj-Ue35$aGUh8k9JHUj5W9bDb$kIYlxWK2rNqki5P1Hr2PmqnsLwuWO9JAEcDHq3qu+v5b0WxapUhwMOL5NgNorHY1opvVMbJO8UEgiL6-L-knhEMYvwoSY--c2BIxekN6W3hQC2-ykp1vrGRWIWZ7AC7Z+dK0nEGNbT9P-S-lO$axT4-bi3xnAgwLbt4TMbYoo5HLVsch$iobsn3e$pJMb291UXllGDJG5wIac3YyJDa0CvVebF3FoleOm9ohMBVhN$pPzygdiRo7KTFPctO9LwRoL3ooGDWN9BhYoNS+-32LukPhLoVxSXpnegc4hCrqTro32M$JpN5B1RIlTpsNk44MckDIBZzj4kq1HBVhiy6hYnc2BLqlRorOWrIkuN0BQWN-lAD6rPNRJORxFKssRiuhsBSrLFSlNAJzwt97RIVX+DKO+EjBxz3LAxtbG4hYoUWwV6VtrkENU-6BLXKhtbcFPaJPWNDbR-XkZOBJtu83b3r-k54IoqSU8KhtDGmdnuc3I8GnQ1oTMr-XWYIJxYZki3NCOWBtKhzZk-Sta3BG87tGRutN+BKg90TDzDoW6YVF31K-DN1vuhBa9Phpk1hbnX77ueuoo51hvJEgaJtggOjchMcACQ-nboX5LYYcL4TBc3ndSLTac5XC90t-0p7tWc2hP-+g0E68zIGU6g-+gxVSBtWc132-UTwEJxygkxbZ-VhdLSazXpS0adGRmL5ahwG53v-dTIockzNcBOCy5K7ocxQy9JOF9mxmQk9CectNIyLMO7lyDJGa6uZdxeQlMh2Jn6IoQwYV1JthoeO3aKPlNkMhXKvKr-dw+7KJNknHOwb3wgN7Yy3cXgVyKnhQJJhZbm3uyLMLN7ShwvMkpb6i2J5Dbi00WNd3nH3XFpOu0VlaQ$p4bUsq2ubnC8n0eM+pmVO86r-D1CunzvDKVqUdK3iWkN0clk6dunkZP8KnV2KFbV+Tm8hOeC6bOD+i98bgDk2lEODuH$Rl9z0kbR15M3eUPmNVoINNdG6E1V9sLuLrGbvwDKLbbbEvl$1KME410HDz1rDZvzdaS0jYpK8D$Isbrk8hLNrhg5TDxaeTubyYoU-eX1gigLrdP$3rbb54VtUIbOqEbxtb6bjDHrTSg3qWHnq319qqZStO8W2VD8WCMhlZr2bPHhdhtebDrscVPVFXbbW9Ib2rbb9$OYJnSVug4J5M$ZWZWDKOXyrYbbT89vybBXl$zGK6Y-onRPVKrAe7gsB2H8mXbb6eBonRZq1ltZVszBvhUZbQ1lvjNy-2IRzvgMTrs0QKVPVmUxl4jA4zqT0byDSUjsXbs02RROX6BKrO2aWTLrkmObqgl1uFolbXMxo5ML1bbWv7DLDKNzFJ3VbJuiazkUs6nXbYbdCOz7jaHneVqUabbTjKsFJYbzURUsbY$qnxvEoVC1qvDgrzdtmEqIFgwWFPI8lQqUY1SMP2110DKTBa57csh$Pu0oDr8vi$74VS5JKhigZ-yG0QSb-VXZ$F04rgubDxrgX1UCel4ELnlgOKBoOZDZE+vc8rXcVjz5FWOnx8vmjq5bDshkWKbkbYbTbj3azEDKh7uuPh-7qdvibrkH$i33ljLs4HbTFBAqS5jWWruF1crLrsrXrMrbEL2bDAV3aZMlNg1oVebV3auuhNo1IM9rZxbbEqwFybzjhtoaBxvL16sTkGdnqHgXQ$81$pNdvc8iZ1rXduSbbWFn81bb"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\npriority: u=3,i=?0\r\ncf-ray: 9ad4c538b993b517-OSL\r\ncf-chl-out-s: rbXqlvr+9QtW/didtzoFHg==$JIsfUw1UNvGs9ThT2Or4fw==\r\nset-cookie: cf_clearance=VioWniZ1K_r3JRXHK3Ww1JDS_BSMLNEdvdwO7gtd6jU-1765621661-1.2.1.1-ic6cdEUyjtrZx33MiRMLaA9ISj4FbyPJgPV4cuRQ0.6JPeAl1jeRz_0eFYuYRJr8mUI7qUT5arrNeD805w88oNOgcyOpub9B4BCeKv.UgJkO2rbaTg_eoYhcYujyIuly6_fXumk3n9EdHgdUkiKVAyx5P_30AOURymyB2Qsqfdm3rlNEdJdAYtJefpu9OmCCXDYveOxaMoBoAFQlv5xWULaxgXi1mlqYXDD7HkXS3k8; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=shadowforum.cc; Expires=Sun, 13 Dec 2026 10:27:41 GMT\r\ncontent-length: 0\r\nserver: cloudflare\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Ls6ZCOkh%2FzsHKGRnC81OgN6%2BYrp%2Fn%2BYiDhygd9nZQczssjN6SoNElQ7fS%2FIhDElRhhFjY04BzER3mBDwOsg5z516mRAfFscLz3D9tpCBz8VFpag3g6kAa3JN6pLePoJS0A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1266\u0026min_rtt=486\u0026rtt_var=339\u0026sent=2567\u0026recv=218\u0026lost=0\u0026retrans=0\u0026sent_bytes=2836164\u0026recv_bytes=58124\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=1578\u0026inflight_dur=337\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/9/9814.jpg?1708137980","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/9/9814.jpg?1708137980 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"63d-65d01dfc-9a7b49;;;\"\r\nlast-modified: Sat, 17 Feb 2024 02:46:20 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1597\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7f4g6jzRC2viDfaFp8l9mu34aE4uxLX4E3mnUciHAaIIrJX4PiGh1qf4gNOr7XhCA9STSasTjZ7BRWb%2BSQkt25rpgFsUUZL3h0Nr4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93cb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1597,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 48x48, components 3","md5":"17366fcfa4b7a26b3167358721e036cd","sha1":"8e939692e481ff898125f78b535c093a77cdc17a","sha256":"8140d59271a75f7efa37715aab1ff2afa06bff36b48d53d4f03d56812e680c69","sha512":"e8bf0a7613bc0b6be6f530d105a4499c4cd7c8cebe9f7650e20bee59a25f85b0b9c182aeb147aa1f0999cbb2d0652f734bb82ecf39d8a5f07229585cb27edc3d","ssdeep":"","tlshash":"ee31fcbd1701e570bdbf8dbcd74d22b6d3fc1190bab50a464919423ac792cc5e04d1ca","first_seen":"2025-12-13T10:28:10.373842Z","last_seen":"2026-03-14T16:24:30.358175Z","times_seen":2,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/0/203.jpg?1658690723","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/0/203.jpg?1658690723 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"6f8-62dd9ca3-9a6509;;;\"\r\nlast-modified: Sun, 24 Jul 2022 19:25:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1784\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BvG5j%2BHFrs75koMbAeMX%2Fj%2FzbqCgkPWQaCe1KVhMghmppx%2Fhj9RZl2rKsJsYkDGru5OhWCe%2FadMVo7zOQ0JC3DBNWliKfRRqL3%2B2Aw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532f940b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1784,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85\", baseline, precision 8, 48x48, components 3","md5":"16152639450595e4ef2439b16c68ebb7","sha1":"65d4d2e51c0d01fe95f57f9b860da84425b109e4","sha256":"66d40468373b1a78a41642c7a77d82dddc8b2f9b11db198c057aef0934f5c27e","sha512":"b055ec3fcc77276f0de9a2ea9759d4a0e465b9168adeacb7d0730f5f9e474a272d0f5bb8fcd5af303959c17958c0445aac2176ece9cb693ecaf59c5decaa3b91","ssdeep":"","tlshash":"e631f6be9b4207a0d8afc23b5a3053bda6ad6d0036c4631969b011b3e350f5df208a09","first_seen":"2025-12-13T10:28:10.374523Z","last_seen":"2025-12-13T10:28:10.374523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/7.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/7.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"12b5-628c120a-9e4a98;;;\"\r\nlast-modified: Mon, 23 May 2022 23:00:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 4789\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g0OJlj2ShNIhm4M4ftPI1CnU3yacYlqkHLVo3ZSZjizx1wOoQ9IxL7%2BM0rAxv5kMGGTCfqebw%2B0o7vMiWUuMr03%2BiW8x484MbkTSMg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324924b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4789,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 70, 8-bit/color RGBA, non-interlaced","md5":"b8c668e5d3ef91152012727fc430cb48","sha1":"a504b16c995529a202de9be648f4313e835a1190","sha256":"eabf74308d94d5acd3695953ae7c69060b8453e9f672abf3473d0cd14101927f","sha512":"3448284389afc63d9ed7e072678d42314863680d374bcaa120d3db35f0cc4b96cdecf88d6a992f2bf57156df3ecf0cc1e02076ae34afbc1b9761c9fbf2608ee9","ssdeep":"96:DOSMe2s1JqZphQAt1B0NwGMMifZT+locoXvgJXmV0LC41/hDxyZcRqjPH7SYwdc:CSquJqZjLONqlhT+lfood4MCKDsZjv0m","tlshash":"d6a18ca98f964c820e0bfd1d0a6d627407e277797d37a309cd0685fc5492e84828ac0e","first_seen":"2025-01-04T04:02:55.890287Z","last_seen":"2026-03-14T16:24:30.348097Z","times_seen":4,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-frame-options: SAMEORIGIN\r\nexpires: Sun, 13 Dec 2026 10:27:40 GMT\r\nlast-modified: Wed, 05 Jun 2024 16:07:53 GMT\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 17566\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=adLUbEgb8tKsJTKxR2z0cxGD5vzE7keo%2FKaE3mUzIdp3KCPhI1oaxowzsh7h0Mpk5N54hui6SeGffbSvgiN2KLtm5sYZQXKoeMSEAw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c52ff90fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96176,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (44243)","md5":"600b5aa734e4280414221510da8e56f9","sha1":"87056faf8a2270349fb30152e63847ffaf8b6d38","sha256":"297ceb6e8302702b0500767962483ea60c9d7149df777bef3b78d24d3239c5fc","sha512":"d365eaa2aca7f9aae987449a821458f25d915e9e3f528b281427d9a2d8da0533be6872a4259f8e10a855f63948ba5a12fae027f004a0a1e97cdeb90b0ead4a0d","ssdeep":"1536:9kOOS/E/IGkVg2rQikNIGq/epATfqBo6ZUAp+er/sgsDPDnZCZQZD27EtF8CODfv:9QS/E/IGk1rQikNIGq/epATfqBo6ZUAx","tlshash":"8a93b7866a86179d3263c43ff9d2a26c74185460c1621fffe439a4ff46ea0ca23bd715","first_seen":"2025-01-04T04:02:55.873131Z","last_seen":"2026-03-14T16:24:30.345331Z","times_seen":4,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/styles/fonts/fa/fa-duotone-900.woff2?_v=5.15.3","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /styles/fonts/fa/fa-duotone-900.woff2?_v=5.15.3 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=b28d96a6ba8ce1cee94e59ee7a765490f9d17cd4\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"2c6bc-61a9f8b0-a80d5a;;;\"\r\nlast-modified: Fri, 03 Dec 2021 11:00:00 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 181948\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GKQjTUpIuePBTmX0EVrhzWO2pDOCOhOZlaP2GLNSpiQX%2FUabzgBfaY592sBJNdPsVC4xaVV5WzGck9%2FGyGkUx0qNS6rOWq2bANxnog%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5328937b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":181948,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 181948, version 331.-31261","md5":"33b94ae8447d31e14d9ca9d360bbb4df","sha1":"886ef25bdc43055f19f8bba07b057b436a4121da","sha256":"3b5176bfadbb42740a51a8defa97dd393a2615dc1bffdcf333ac9d131893817d","sha512":"822e857d8563f3738041874df12f386c51b645dcca159f66560ec6efd8e78c28e35d10e0bf4e4be029ab57d94c5f969341b8352b64f482c4d711df15110aa9d9","ssdeep":"3072:h96KfZohJmnqn/9JEBVGBD8m9QzoO2XHM6QwG1owKCykFEvI0ATzDJM2C7dIhL:YJ62EHY4m6zoO2XHM6drkTzDHqdIL","tlshash":"640413e20900a5ddd094b5a76ab73f0926331a17b453d9df89f6dafc78ae3dc0486123","first_seen":"2023-04-30T22:51:04Z","last_seen":"2026-05-02T09:20:16.346093Z","times_seen":427,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/code.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/code.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"e6cc-65238734-9e4a78;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:53:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 59084\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y0%2B9keLA74%2BtyuPqCf5ABwuQ2EXHJdmpDTJwrUeOkjCQ6x8ynxqaAYne27C0dLHAp6mVFL4HQCZ9LpPWt4RTLhgGg9yNWC9xZXfk%2Bg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492cb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59084,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 370, 8-bit/color RGBA, non-interlaced","md5":"6b04852698ee9e447db3bd90bd1705e3","sha1":"42c3e40f16950eff1eb6433d003b466a03a6d440","sha256":"c896fe2324fcc86e9819faa7c553c31d9cabd7f97f57826f92e1a5894a521960","sha512":"0af043d894d671f5ba9df03b781888178a10bcf8a591e8975ce7045894f62696052735e844b739a2b3099c241db45467303cd52b56ba45ffb286ad29438eddc8","ssdeep":"1536:XJS8uzJu1YnPSGlC5lFH7bZoYjLiigGnNOiSi+Zb61rcPK:XJ0zJuWPSv8q7t+J6N/","tlshash":"844302c34a1fae4bcf6bbac6293771d5ad252008273a9eb811b1d4d524584ff0ed35c6","first_seen":"2025-01-04T04:02:55.904009Z","last_seen":"2026-03-14T16:24:30.314327Z","times_seen":4,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/sv/passwordtools/password_input.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/sv/passwordtools/password_input.min.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"f1e-61f95380-a80c17;br\"\r\nlast-modified: Tue, 01 Feb 2022 15:36:32 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 1182\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qwlvGhqi4aYLUXRV8hO3W4Kh9WJG1fmfBu3CrouBcUa9LH4BhqKV99EYzsAjrvv6NgUlV%2Fluisd6dwRaBf8IHm0W5K8Ra4EoXeFH0g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c533894ab517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3870,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (536)","md5":"565127680499672f38bf701ed1a5feae","sha1":"3dc752beb1132ab56c8374460c4b34b5310ee840","sha256":"10ab6607f99919088ea885d0c540712f69dfb3e06556d967ff1be36a66194336","sha512":"a693079aabf7efb303425c6738b537641ee2468da297f722a7640be1a015b4505a6864c0e514940d123e97fcb5403f802730c4bb89a2e26def2b713443528195","ssdeep":"","tlshash":"9b81bd0372042e532adad6f4508216017352ee2b910758ed3af4e7ef727be834165b7b","first_seen":"2025-01-04T04:02:55.931981Z","last_seen":"2026-03-14T16:24:30.31035Z","times_seen":4,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js?","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:41.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/5eaf848a0845/main.js? HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ; ads=1; cf_clearance=.RQPLMRygdSf0S7wyMIhMstcHLdQsYfRhxdAUwsW4QQ-1765621661-1.2.1.1-geeefwZh_I0OcXWI6FXYLGSlq6TmhRjqZoG7CfnY.h8LoCIb3IPRLAsavwJ7erA5pY4qqMavXSZoCx_nHVq1zuhjatrUf9LrftAhHm70yBVP028.qKVN3ThqQ7ER9dEjnUlx7HkqQvR4WsQJOApwL59hVBuC1l4EANfPEc.Rw8fSXmhFosus6Y4s0gUBFC8aay.mzSA0LcFjSEW_j_egspthMl2VkggwEi9Gd6tkcKI\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=oR6er9jxPgz4W%2F0Y1Vdbd3zAksgouVp650tdoIa3PRs7rWxJ31k94jkoETMqyadkVoeaVetIeT1MEaRqW3Ww3L4zF%2FRAnWBWsCjMNnD4KRxrzPitMSCxwVKGhceBTZiFYg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncf-ray: 9ad4c537d98eb517-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1292\u0026min_rtt=486\u0026rtt_var=385\u0026sent=2553\u0026recv=207\u0026lost=0\u0026retrans=0\u0026sent_bytes=2830199\u0026recv_bytes=44872\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=1437\u0026inflight_dur=336\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10315,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10315), with no line terminators","md5":"340a52f0c7059035ee3c683d32441860","sha1":"8971506595421c090851bbeb9a39862c419493aa","sha256":"00ba8e5ee2c474bab3a9f065f906e683df5746100c91c1c6db8514253f462335","sha512":"4c59dc795930b32ca14f6653702f57c516379a82d45893ea0b6cbeb8ffed83596cd660ac9ba5aff7e4a153938e5761cf2d8efca5e68a2f714483464f303226dc","ssdeep":"192:t1blwDoaY8jSgLlH9zMq8+wpyQ/N9FagaaCRBgsSg6p0g6M9g7JgjxLvRPFDHwl8:tjwzYiSWld4qvw0iHpWBgsSg6p0g6M9Z","tlshash":"4a22c6c53a45f011a03254b5386b68df606aedbfb5280943c62ebdecf6317a4a7b5f40","first_seen":"2025-12-13T09:55:37.621649Z","last_seen":"2025-12-13T10:28:10.379555Z","times_seen":4,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/sneakers-1.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/sneakers-1.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"37d6-64ad0c6a-9e4a8c;;;\"\r\nlast-modified: Tue, 11 Jul 2023 08:01:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 14294\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BaanJMpLxq2lvnD9C45yDGpEg%2FmbbPZ4SEjrJVLXMotVNCsRJdeBFt1rBeHv9svlKwp15BvJVWiF9DCMMqYMUUdPPU8Z6B1EAZIR0A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14294,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 174, 8-bit/color RGBA, non-interlaced","md5":"b21c2b21b37c8aaa9c7f69388226a3a6","sha1":"814333afcf4c6dc7731f63ed2e2ec855222893c2","sha256":"cd1788e24d6c6acfd12d30bf83a1f7a750f44f58da7f0b80f9830e9a67157acb","sha512":"682899079755ae231154ee5b0397bec82e7851cecca7d7f3704782c79762c40d5817aaff2271ce64a0e08426e10ba8fa68a9ce9fb4d58e47ad86ecb1fbfefa85","ssdeep":"384:DFl3NNIZCJsQaFC7+xdZGarR6pPrdxX9JCDjB:5l3NNIZCJs9CkdAar07nCXB","tlshash":"4952c02819ac2750419850d727df43b48df3720917099039df7f7a86ecb1aa7aaaf136","first_seen":"2025-01-04T04:02:55.905111Z","last_seen":"2026-03-14T16:24:30.354723Z","times_seen":4,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=b28d96a6ba8ce1cee94e59ee7a765490f9d17cd4\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 17 Dec 2025 20:16:19 GMT\r\netag: \"29340-61a9f8b0-a80d57;;;\"\r\nlast-modified: Fri, 03 Dec 2021 11:00:00 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 168768\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nage: 223880\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zqokm0qBgF6w8S7jlBM%2BuyDbQbBEiVfBDUufJzmtFe9exXUDyMe6eUSVpcrosngcDq2RAqkFMZDjvHEpRrDPTR9u%2Fpe8ee5i3e3sgA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5328936b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168768,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261","md5":"d8689b99dce7c881d3130f3c91cfefdf","sha1":"fb005c93930c13b3a5f449bbc75ba5ee23f609fa","sha256":"4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938","sha512":"4849e7070de14e388157a974cc802bf04549c900e093de962d4a2ec87a94641a0e9dc7bc59239616608d20894d42eab4f33101d062b841be193aa31e1edcc5a0","ssdeep":"3072:eDhVfviTFk/OYHrrIGCApXWaY7neJcBl1DfYk0PhSYqVWj3a1haRfbcZ1cnIUkyn:eDjsklHrNCAlWaIeJk10pzm1wfC1zr4z","tlshash":"51f323bff8a22db297eef58976447dc849c00661ab10c57d0b2b58a8f0b79dde467304","first_seen":"2023-04-10T05:25:28Z","last_seen":"2026-05-02T09:20:16.355031Z","times_seen":4432,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/console-1.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/console-1.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"2f23-64ad0c6f-9e4a8f;;;\"\r\nlast-modified: Tue, 11 Jul 2023 08:01:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 12067\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bTbzNQAVrNs%2B9Juz3zNcEkGzX93fYUnmb3LdCofZuBGCZ%2FHa0gixEBYaBVmRiWLO9g7R6yjIJQjdicep3CNAQ1%2Fr9RjC9SzKk4INXA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324929b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12067,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 174, 8-bit/color RGBA, non-interlaced","md5":"3407d3f3a15ce2b464e34973aa3aa04b","sha1":"4516ca75fd2ca880d1979f73f033a1ca7e324e7d","sha256":"f28080b4177a3240364f0a5172c71801d9fb10cc7d92670bdffee0827d85ac34","sha512":"7615cf8860a89d8966e048ccd38f409f85aa4f6084c699e6610abd32a409f8b4472ffbc7674b03bac89ca773cd7b4d387edd13bf343df10a1607a8c9dd0b3ebc","ssdeep":"192:ESnjOPGwV1VPI6QF6TuFXZX89tLez5YdD1e4loRQaiByFD+GezimHZosETjrP1vZ:DnjOPLPIDFWulZX8as1eDQaFD3EHCpTH","tlshash":"b042bfd3a7f8f279e02f8c032d7a85d0d8acaa0a488825a45775b27fd096d270a80e44","first_seen":"2025-01-04T04:02:55.889314Z","last_seen":"2026-03-14T16:24:30.349004Z","times_seen":4,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/cryptooo.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/cryptooo.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"c8c9-6523877d-9e4a7e;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:54:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 51401\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m0uNqv6ySA55fuOcpV9T4tZ9KfL4aUAKQ0QS4gClFNs%2BIx5uLoxnNsP%2FqP%2BiBS%2Bt2Q8Uw1PvKfETa9uVZj2BV18G%2BaSZao3Zddlj7g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532492eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 350 x 346, 8-bit/color RGBA, non-interlaced","md5":"8f6834541a09490c1451046d007d16bd","sha1":"1630c954c6e112512df2b2751f2ae6073bd630e6","sha256":"5268a3689ecf887974f4b1ccf9b26fdcb2deda2b2eebb0c76a6327ab77c0b1a8","sha512":"b5ca85761fcb67b1d85a42d5aee4af8a6f76ff77b9335f7cfec9eb0f3bb06b7fccd01e35e27886154972233ce6ee9fbe5a29bdd02e50488d2fc05e9906869590","ssdeep":"768:xpRk0Zr+ge29fbIROu+owlML7Q5pKnhnoZEots6XbKNOD+ekYc0SyUaYna03x3cO:LRkO+g9f0R5dl7Yshn4sOkGSrJgF32nH","tlshash":"313302d31c751c7c59bfd046c20a35af0f80a1f6ee8a9ba3564ecac2c9161d81654fbd","first_seen":"2025-01-04T04:02:55.905983Z","last_seen":"2026-03-14T16:24:30.322363Z","times_seen":4,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/4/4553.jpg?1679559651","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/4/4553.jpg?1679559651 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"ded-641c0be4-9a7770;;;\"\r\nlast-modified: Thu, 23 Mar 2023 08:20:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3565\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7pxLuDEUlagytSTQ%2FwWlr0aux7GjcTFJNAE98LzpaSLgGKbVrSQtHds95kyx1Y3QUSsnQIT7XpCQwI6YZ1PIIsSfIdkx0dsF5rxcMw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e939b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3565,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"67f83691013c020b0117f6aac675a92a","sha1":"01ac8de395847312f0fbff3d03a7797e0647f342","sha256":"c22515a46839419dc32e158bfff2b15ed1fc2a5a6806b2161b4d06a8b2a2bd68","sha512":"b4131c5ab6e1c3aa8c3651e311b90b140fb037ab71b8e0b1a35de4d2300fa1ec998387b60c9a918a3278e20552606e2514f624667515ec7ea07f969eee41f88f","ssdeep":"","tlshash":"ef717db35a84c060d5327ee9809e492caf6124e2c625026f03d3ca156ff2e82fff6c00","first_seen":"2025-01-04T04:02:55.910578Z","last_seen":"2025-12-13T10:28:10.348448Z","times_seen":2,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/challenge-platform/h/g/jsd/oneshot/5eaf848a0845/0.7690541367904427:1765618042:EnQQiB7ZE7ZltacfilqUVmgzuRja6aOmhpcgTeu3uts/9ad4c52d6811b1b8","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:41.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/oneshot/5eaf848a0845/0.7690541367904427:1765618042:EnQQiB7ZE7ZltacfilqUVmgzuRja6aOmhpcgTeu3uts/9ad4c52d6811b1b8 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12154\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12154,"data":"-iDrOgVSWMEYVYVclbx3TWSb3qb6barqBKrWub5rjZWtZCBtQbXr-ZrRCb$b99bu39Sb7UWx$phKWltThKbxkkbbZ1b6pUgxbS4EBnD6CwZ0WbXcB4XFUISDbLqXw2iD$DKu-W9GOrb3FgTv5GUVBj0B5JdbjOdIbpKETDOgUgLq1xLa-bVC5jr4jOPZbakQ$Ak4-A4XW4KTSbayPbWIbTTMpbuJ3QxhKLN3$UxHWDzN14nmSba9TbbIFxPe7tAuxbE1uFXOhX2UbVkQEMWqKbavS3EkK$5qb-nB2qG2t$7aSbWJTMuBPAp9oeytOrBbV5GbgVh3MbbZ51pWgb-VnJVvoVbE9grVmXq8bbg1jFR4dD58bakv7gYAYKQocYJcgavJgI3o$0Wxl0KpEghWIlSSW8NrWbDOaZ1AJ1bDpLzLdFML$bVLjL9$d-OQEP7oDF2OBNG5bsqVTbbM4Wm3I24Z2qqCvbaryMOdZQacMR2Po4-ygQtd-LaDdRyQmM74DbZgaYyCKhZES3OgVqV3r+Ti90XlsK6NvpEKAPHZeiWeMcxWipqHbOAYjhpK7vRk3YK6$8PwpwUFcpKb$Lv837hNyP+nh1jkC-lNqS4qg9Yx0bcQgkcHaTTSq5q9cVhCFC2KaTKXpPr$EiQdA6B2lLRVGKmFNlEIMAqcuUXGwBWtIb2saMcXmIr$ra1jx$uh8yhvR+r3ALZ9PWTLh3eBsg$nHVQhe3y-MFU1xhAH3QvaiUhvi3yEWEhmelu4iPK8VwbbH05D8UCUH0kDK1UY7DlBPWr0Q20KZbxbiprtstPEXrlRrWTZBgcs1g61ySHrwPDa5rukF8ILKNueErEVYA17T3j1rrxaqHgkqUAESDKEKVaiETSaqeWqMSbTkqDZEpWDK8WqCuii$iGVrudDgreSvPRTb1UKhK1087aF8VubepzWDHr+L7TGQsW0xvWDSgXubvrVAv2dH-BS0SPKF8-VaQTo7KqJT9d$W0qD2E-WDEJypBekgWoaTpEiKndOrjkpu-rviM9lLBPKoWiOW9VBZL8Ga5W1opWonTuEBcvFWoF4FJasJX3k4uWKgF0kLUS0AqdPo6qUS85X7O2+-K0CJ$CsdmSvaW66obW$obFcbN5wVWMPWOrBWC$i6WVSUpwiLEv$U+EgjRPM1jrwPpESaYxJM$u8WCaWF8VTdHUqvp2w+PpB$kHoeWkDKZWrtdHjR$KRCo5UReCEmZEaqpDrWJpYcquOkPTniRpyDL8V2DDkYgE5TYxPNtERs0ZjpDIG8rsaTMrDkEnyaYK5TyUZV6$k68rDKtU83MSrU0Ddg3lClUxGDZD5Kgtnl71LriBWpJ8ksZb8oXiXPyUKrTublULXX$VTQK2r3vUF8irmF019mBbLwb5ctX1F8+J11L4DHDVSoidbiaN8VMDDpSI4rDQ3a11d3bmGSyi2$zEmG4VV$j$V+GULg3qIv+9BDWO4qzhHNCz7PTCzDNYJDkNk$q7XPmnl+CRoDVCYS7+HBATz1$Ak0R-AWPj2AF8Pi8pFGR+ZEAd+sbiZ7EAbb5AAKUE7Vrsrj3sFOI6RlUQtt$KSEMB$WJ0boVDV673E+QrUVnEvq7dbjYOUSdORxbogUcZEXkQ5bOg6bb3yUqKXamWXqCbvPrtYSWk-DWU$8F8TqNTphJSM88VWXK7Q7utTXeZkP16j3UK8vTCqk0rL$i0W3WkTDKkKCEzgR-qqNAKjCrNN8tYZEUGVTh2bYNS6lN5pqYcGWD5d+dvhtMS69-xd8gqOwI7Psd991pREYMk3ZnKHEnoU$WTq1TSE8MgGg$$ST1pqMhyJLlTpYgXbCqU-LWTKbBMw3KKQdE$gMM-Lv$gXYviKeTJqsLdK5V4EbszEcBT1gQaUsyqkobhhkVI5WqxRS1gFqgXqYbeb+QivIxqgLnKIKnGTtQKrCrteRuP$pLrKryPnKN8N$w$Vmrxb3qeEh9C1Qa5PQvAbc5ZBwDcSCHrXd-xLMcluXxE52CrV8bn$qobq5XbngDEigoTh9Db-DgqCaasLk1iQ8K3kk2UdoXVodS0BTBlSpCxsnSmLiD5wWgVJxGsLX8XK1tD7KIr8QYgGJ374u$FrR6qv7xM+KML26KxhYDTRQbm10vhXkmDz4c8ig9MTrbJhY1hH-T1p-wTZj9+k5H+D6PWtBE4hiFJI3QEBCp0NMoFXz7J-qm0u1Q9aqCcq3PChBJSCnWL$rvqDqIXqN0naJO7KmX39SyElthSHKUcriHjPcGwwryXhJ5VaGmEPz477rYezystb4AglytquiLA05ZHOnTZSMKPM1Sy03wYb4Y8uW15OMYuIwSWurQgDWKS8ERJhw0rlJBMr8VY$MSS-8h9eQqaSDGByORkg9O5aX1c9ck7Y1PZXxOb597yP8hNBWL010Mq1UUKm6UJbdbVIZ141UEWunSU7$HMioJjsTD$9n5uaxJ3p+uJhwrnur99Wl5zwpvU9$TZ7gd8TnXzOyKjxv-o9$pFWSY15k8iYhHpRUxdM5Epq1PMIy$b-ncpb$uEc6Y5VHyUblgaF8pWCbgeSxd8booSYZxbKiskT7V1iJUHUz4-2iZ5hJqJOTneM6y14k-z4TCbqkU6NMsTbS5qD$u8dFKgX7eHw7Jc8OIH1mwBbKQsznia8V$GDS-axjLxsXN$qBy8+1O5+nQJI14$3M5tV$k79YvneKebXdilGPQc7zPqWWut2BThIp3TFCkQykLc2MXP9FHUn9QaMWqRdebvOZkD7WCDu85Sh-$uF-2jBE70QVqj3J$US0n3GnxVPo18U$Z5NLYnt8DGvGiEFCD53S3l0YOcABD4DV6c9VZECLB3cWNJJXcdLiaus2vYjYAZJJpg8B$ZLQmP6qH3Tq$OvmUC8xslWTU-eLxxkjv4c9es$4VIHm0NlED-YU8bYqvw6siHrz03sPiY8UI85jc6wJCjZsWqp2DRzWd7HHq2cZ9JPuq6q8EY2MO1q0ZM6zpbpcbjRIrK8MaULAkByCOxMvwmK3BAxaJlS8o7FLaThCZH5BLFKeI1ZgExzDGQ2y0-7xWTdBa-$1rCZYay4ORHhDXaUsC2Q93pEv7UvmDQDhYdTr8WmSJoYFjO376I+Qr4uJyj4gzWx0U8bFj3r0t0GNvnEPySSC8FOzC1dqP9M9MYg38hqKBk5Ao7crZPk8iQgwcx$kZDLkHNi3D0SMm7CQx8hE2YAKL10F8iYwWWgpaOsOtZ0oPJveGzUQztQqOOCbRGLbPSqrvPXpdALW-Do1KUcETCLz7NSK4clVyNQC2LQ2SPPFxaSg6VrD8tFsDQCu2o3oOnHDLJ2iqAuDje$7kk4nOxhbvKkErcoaXKvwZLUTd2do0gw2X4r5j9Hq7UBqELxupVJ7WEFgmaJnrmXrVKjwDXD5G-GO8EiJ76e-+83-D6dgL4H9RKg43jhTZxWG4-PbdrhkVv58Bg4eQIR-ORVvKj1YVndxQS1-89Zw7piYZSNFi9OO8gZp3CbUUTECEb0WZFT4hU7a3XV96B42WjE13Z6qaaDo3Y0b7+RcKEZX6mpqhC15pEEm5awtPyEPUaZ04+hyVjb2BJp2KRLbPrumRK8nEMbYBVhLRM1D0ghT1MDkVDQWOnRnT$R4WqVxU8blEbr8HY4ai31UhTVIEMUFKYaEhT3Z31sSsg4bu-ikaKsT7wDEZ0i3q-EOP0b75J73qz5s1QRLZCdUryiTPWprR5OlKxd8B70a1YTu88HrgmPSEdpc7eHCUGR1BENyNhKaOKRTNjQRPMUU8gBp4FR9P0Rnitss3VBUu+Ouuqa4wqETuKrwZBL5g8s5RViJsj7pau1v5LECwSEiEmqNDdqhZiZ-rtats-hlqrWMOggwLrZgQCg9sIBxutpOgjWkZ5pYLtQjbO7EuA4hRn4ndSbjRyR81zB6LMQ4pnDrh0V0HuZpiaTr8Mb56CwQZVR5LT8kNeaEhXbwEkB1aQ3vVL6-Rvp4NciOq-bB6bx17FNadSDxEGihp5UPBF3r8c4m6c34WRW5P+PUaERQTFRMxADYDrry6cZpN7b1bAajB3EAs07JTCbtslTFpm6FipRM4HWMWTVZ4j6Fi3NM5JKCdHq312DK8HqBDaRO4S943BDN4tEBwbsK0L1SR9KIeIxqECVsdjaSRr8Bstbgg+OMPX3WEMPYLYU-6WeJ57swEAbWwFZx7I8LwSWMVjW-DvP+OSQN0hTiuyraNW7rZNRSVNRvKEZg1r9Yx5DgrFb+iKgFHYON0QpiEbRRVm5WWMLsb43FxCWXaBRkV$Z+bXUC4aiBOMP2WkW362qE5nCC906VxEsADLeT9r6yWSWvW79e6Y1WsSeOQ9Uq6AW8KH3jEH3+b8RMd+pl9rV7dwWGw-9ONcq0O0iqxWpExn58HwhSEdHvhXVDDK8OZ8eOO8WCBGigKyCdNUeKe7bzb7T85GxrQS6huP75uNLJ7ZRyiL9-HC3IO2OzbE3DhgW-9WC+eDqK0muxCD8-73b1CCOAEiVzi5NaVUakaZ6AxLaQH+i+9CgYVO8v5osAC2B2BCc8KXs$dsOaxbB9CNUJ9rHpxurqd3Vs1ghHpubvTu8hZYDua9uxwG50TOCrkJBrGNq6OP3GwnNvR6uXWTkvbIE3E3xOOk9p4+6ETibXL9OFRKJUqyTWTXswJpV9dWaXKgs3d9d0xi1rbg8kbSU$c+HhNMV2RTc+7aO0uvWpeD9aLHi$ivd0OsBJU4U342pMCSJb9MuhLK0LwI7Hq96X5Lx0DCuOO5ec6+1U8xpSEc5QR9KUHyW2V4ERW9HnZih$h2HlVgsyCKB$TRc2T+L5ZyQMi4weQ-c$7xPt5ARlG6L7Wk3iW5iKLPcK0XBrewORE6stur0sU7K5NuuQOcZlGx9H5VQ78i8lWSbv7wbDaLNgUE7mcy1g84VLUZZ5Kmu5O7bkbDG+Z49FQ3dVb0wnQc48eIBLZ+sRiib7ka5NQi9GUAE7V8LdpibyuQ1E3QWJVMEMJdK-GZNFpo75EYcbC-EeRPx8cOLgc4sACBP-9+QLJUuXaUK8WU9LJ94mBn4knQc5s45X7M2Pd6Da1qhXa4KWVX7FcjxsGb0P4msm06H3WKvg10bt35k7Po6g9F5yaaLT8BbPhvkrPVdaDqvWJvxtpokiZD42OXNFpbolpQWtptV552Z-QnRqEHivwtktBOk8anvtsQe32qLAWEPXRECI9eJ9UgN1NPwMJikgNVGOsuB8iH3TV3V49CnmaEi+BgZvWgb0VpEjG7Eq5NkAcu0R32hu8qx9U0UR9bGc67VLskG9qDUYV0uOLHC6OcZEE+hb3qVIaax6RVxEqxb0unRnQodjE0GYOkptdsx4Gu7n1ZhvCkuXqE7XLy4lZ7s7ELQ+heNuqD2giZvgCZ9KJQ3oZ8E8cvbM7Hb3i89gUZGRxjNWOmdQG5kcqv4dcVhywThAR3WThno-Lakv5iwFsqL45weaR9BOUIHL9FB5J9W2pPH3K07lo5E$gtrY9Kxb1D8KskW81JUj53WG48uP6XBdqRq$C+HY4RnzbBu$C9QU9ikI9-7KgnxOZ512oxBg3o7JHZQ6cVx+PJnDw4bXU+cskkMY5TrdvqJ8ir9wWCDF5tkg0LwNLAW7pJwe1AEpPQTji0UsueQJu-4yHya1CC4$ogsRV1hgMR4kWwq-coZpxvWK2S1aTIQhUD9Q5KHAxLBre+q0wyWybAVw6P4aio2Zd1Pr4wbFMwRci+xr0q9r0cZ3hzcTbr1jT-LHs+Qir5O8gh-HvrbV2kTyRTjtVLwMdADca5EHbK3HZtun$2bD8INxo+utD0w-xjaXWm9b$Zvh2qDBO7nkvVCQJinv2vo4PanBE3WRbw6ucYRVCW$KLCq9JEcz62iy12NLH-hyh7C99bRIcrBL4EUEZUBUBRPaZ3N+k2QHa79eCa5EMRVRE3c3xYHQTMWKekkBLCrHGA9ap4wkEs5EV$u0vD4P4uqKOAOua7nTMBe7ES63iON-9QuM4aiyne1PaMp3qcWado9kqkWvq+VQNZDwEWUmUFkQ5lZ$jVCt9Bnx6NgYp2McZtV+6ACIuM8sol5SWRqI2AOon5PAHCJiG2nqN1Z3wX30WPMIr4qWGF6Y4OqL6Z-g-e-wbGM0$E91oWb8vxWlGckm-sOIvO5OTKJ$ceQyvXvCUDYEZXsZNkkUH8g+-J6REKjCE4vdwRxcCuxvkJcYyJorZSzkcnhC$uolkOQdd84oMONWOJiXp3bE3n1avkZEiYoiv3tWoiZPc92A7LcxhybE7PQpD4DgbE-dkvpLp41J9J-QHYUX6R1ra3CM27ika4KjVjbMqWjaVYTnChBRxLn5PaM-VFkxR$cX2VCaaB2gjanMvuCGC-bqZaKP9Y72NosmjoQdQNMIkrRJ9C0TiHPoeV9gJ+vioJyYsJiGu$vlQB3EUCdjnRQeKgbuMxWtvUsqvgVVWhHc3wekEoRlcPRr8-hCiXpMEPBYpCjM52VyG16AbuoNvU0P$7yjWzLVnkCaokzw2ajMWnEyCJzGDmb8WtpK8boXhlVwoVzZh$a8$nJGR3WG-1MZj$dZ$G4I7MQyZd9gHub4bxb+GaBMjZQ7nv$6tRNXjw3YndyO5WoKXav9UE9nvgNIoWbdxCHhK+PdhwPlK6uE6XvI2tcvE2Patwqg0TRlp19RQGLenwyGM+CaeIulcsRoQ7t4Yw7-huEaRDhqEWD-4pVR-Sqv1uec9Aai7M1WjOL3AVUACdC-rZ6-V83YTL$Uk9Rc-Mb5cYqozez1lNUaJaL0$zq$4xot-o$XqLCWQWQL-PjpPqqKluju3dvceg21RNDw3S25tSceRxwCP+bERTW6oy-5WvhthD4QWeeeZa53cw3bYp$EG$gQ$9EuV-ACeqD3x2KHe2B8llyblzWKkiBiRWY6ovSDJT9eCS16G0PpPJh7YE-C08xwb6RulVJd58B0$+OSt$BGY51qdHEYwrYCGL2zWdLBvFoINVGhZwGAelJwl+MA3mQXN7MDqAE7d5VADRKWGg-WJsh-eRES-xdURlKN5uzFaN0JcThqu+jkcxoVWIjFKlMu3gWFiGtLt7sQWGyGoKQnU3Qltm32OUGajxqIthDjVsYimJOFCha9LBo$6tECjDoghCt1gMSSlydq+ulCI2XbLi6xyjVvPJ2wbWkUrnpP5gI9BQo0X5b2GwV3ut6$e+ex$6HmravOliisel7Uh8j7QhqKrwZBiYpK7NKgzSrNTFLx9PX5BMk-r1EnA9JZzsJLbE3XCTww9TbPxMBTRGdT8lEwVVTlT62vABthXz6hlFp9kwDRlHONQ$FkbtamNypT$wM7pw$+VHYdJjbX3mCetIOO1e9oC-CONnzaR-93ZaKKhap--8-N18MVtEP-M0UmLmDOh1kbF9pCqgxXqqnymXInIrEDvmbPytAjilXyLqJEQc-UlAwT1ta0mVhlxDa4s7bckpFp3YvqvLeS7wmrQ8l9PcAOjwboqWuac5Pwo$pCqT9VWL+zbBNaqvAc7GmlMrg6TNqdMEK-qZldGULvVGhiXAD8cqiy1xbL55ZVD6OK$vECRtUSlp0PqCRT8LkBpq$YAKExvWUXXlq8rSRxU9VQ8-rtqcXQ1Y81aikdCPEqiboT77i1s3aASAzHrnbjVwbCLkhVYu95kZwCsSDAMXUnELKXlNvAKVYadg4YRc6EuzErbnbEbzvZbkigZaPKwEor1raRuNK58r77VBeSuDoKgPPW11qrmDjvek08CQbhBj6-1Ds8wDpbUgXTV7aUbq-83wrmZW6u$VrCiWd2bqM9WR5Wbc1LaOKuETLEVEZv1KwK$qOVN18$rkK1Gz49guDLADCKiS-qjBUy5DZ5DWnPsxYUbrW8xH5DACMVPWKuVvDsWe8cPqJEt1pPZzskMDwjKuryKUqjkLKu8QvV4YpbcVrVVqUXwpKmZjDEPVrV88LKr6MvDl8Hm8ULKyXWMk8Pa7Q8BBkZWDux1pv+KLK8VNFWK6kkJ8DrEpgu9yPhqy8mK1i3BV$aaiC8cK9DZv9gu7W+K5CpwYkOLLqrRDbFcd$YbFand2rOUmZ-5WqbKmTS5DJQ$9aw0j5b8RUju$Yr8s3a+VZr1CEWM3Bj5yWyJWeN7W5aTZk56KHKgOgdsKqi5Ovp1L-dzKaKW5YDoqTmV5dAWZ1AO5aCBaW8qrVrXWWHCkMVETdI8UkbW0sWgrbrR5TPM7swjcWyDHZd3sUW0c7qyb6IhMSk5O8R4E855puDib7r5Rr05V2sVerIgVsYdrVcUd0VeCY8CUJ1q6ZSMg-TgaCoCaDYz-rj78BCAMKKmDV3$MBq8b5tjKiliuE7qrBViMXvlZ-VudQ05EKkvGRET02WrdDZdvlvrnBGLC8tBTrsMq74TWB89CMKxbWpaVgL8hZYwV0C4a8-g8nZ0xbGp4a4IbKcPXSVmusVSbPdkDvZOZMkOiVrKSrEg$kL3uZ14SFU01TvMTaJmSb8GkM3Zd57F8C11jpEMMMVqyqxd3RZkZZaLTH9o3bNPY7UVNupgKK219yVuTZg-godUikZsJW2a-ggKTiWUNvgR0BWzZ5lAMlYWp02C1KUUN7CqoUV70sD0qP1JtrI8r-I8luuyMPLCWkbcbyvT5y7umZbr+dbq4ruETwQjV2qUiL$Od2us-11LGUFKsb4m3nVodFiY7u8OOrbrh1cJJ$WY57TLr+rXikKOrEiERVudwjlp0QWCi8EmbhlLOjEVs0QDDM-qbDWZb54l7xLVv$uj30k0OC8bjqeb$QuIEWTKb$dpPN1gPTTpolsS-eC62-gmL1KEVDQy5T7pPYgcC1IKM4vX4RbsrHQGbbAd2LkdSFaKlXtckn755uLqtjNDEUMWji2rSrTJapu-QZYjbnxGpEmbSwc525RVSrKrGFVZk1r0qhq0ZPTriyVbdKPgA1bbVTeKLCPUPYEgm4vthjrL3DNKgLN3qVu5hDWi5OXyPJMPBEeVCsQVNqag6UltqLUFpXCnrIBaWWKs3EUwpHcSGJD1L1Y3Wkta8VZMnE6YZtjkU1LkdFWWbVQd5pnxoMeixyEVRUJjWUVRekT43UikP7nMuudQM$A1SRgaUv4YghbFBJvk9TLEvUrrU1wqPGupaF8xQ4HGIZZEx9qrWkU1B4qBuau2bV3Tvb+CTV50iVnZU1RYTMrl93QulXWVRc75Q6yWArkDWv8m$ephIbKeCOkcJOt9i785KDqqWn$sEcKmqSsJSJWMZWlKtCnM+DXtOCEpgHQ-CVjCpPLWi4ZKaMdM$uWk8C90tCUGwu8wSWuVcrW$qj$T$IqZawb4ZwEgjbVVIVa1UrVkGRbuVwg5r5KJv5ZqhZx8hboUliqkgVKzTm1Wr5MjJGirJgwi9CciEaw3VKCX7$HWcsaol4kJE7MGXx-LJ-xcKPbsM+PD7aquOMSb9CATWjqY83KXDEY83sMukgjb4ZOY8SZiqgHsoe7Oq7rOZMzgc5hZqS2KaiWAZuS1BN5khas-n4FwcD6Uv$57uV5yLcLEYgwLUq0CYKUZlUJ-seLECrbX7EbGnKqUNCzKlvEYBYABqNuo4uBXHOxhs-6xd56gsSeyasEX9owCrcesvg2L$1-wnDTcqt7mrXxK8GMGMnt71atEsX272w6erHMMV5XKB8rscVZbXC07Lbab4wQ7E29Z19VySzl6XbX93oOB52bhPz-E93vW1jRbMg6uzewb8BkKTwqvEADsws7GIvK-Wuo9Mb+B3kP0MePbc3mmdzI4GzOaNebPFBkWyI8A-E9v5iPjxTwVDaEr$wLb6BOVGPJUJTbpIyS9w-u0-U$4FVCIFw77qOiAwxbHkWKhsPcb0Kua79VlKH$LR67g16MG6LDblWsZE7nAqKOb4ZJ7bYWWJctc5D+KMPCTaWYVJQo+dO4XCWF$nuUyLUogs7iMCKOXVkLrO+nQuPqED1XCM58MZg2pQ3jAeWOO50Mbd3sjk8mU0vRW9kSNuQg1UYa0gCUE+-E9Yd0rLrLVkKNScnK1iNgHdGsL1JlPEMIW4dAi1bGmwU9wYOtcbz0NpL+aBgLjjADI8LOr9PTQC3sDuVWwL5jK3d6bQ3VBP573UnUM2WmCdgUB-M-V52WhcYOKB4bSHWL8COIPx9YBG7W6usedYNvZE7dp+dYGBJuZETntl5on5rMGZ8IBpOvQL0xOCaxV7xzkt6xcKl7cV7oMvYYg+WsxZua7KYzckXPB9ySo7G6EuJqqKCwwIQZJ8yeBbpbOC-wPs-O0HDcv9Su8ZI1J5b1NB1SUqArqPcc5ubnrMdCqaFJbOcxZW4PYNTwV7is79bSDLE-E9+PEheg+wDnOeH1Pp1GvwrGiQPPzZUa1Us2WpEaUYiaaWvw8lWTZWqhDK4ZCKjgN-9CNj9ySUl-a00RcKKM3vVnZwzR1VUCicSo9Gj-Ue35$aGUh8k9JHUj5W9bDb$kIYlxWK2rNqki5P1Hr2PmqnsLwuWO9JAEcDHq3qu+v5b0WxapUhwMOL5NgNorHY1opvVMbJO8UEgiL6-L-knhEMYvwoSY--c2BIxekN6W3hQC2-ykp1vrGRWIWZ7AC7Z+dK0nEGNbT9P-S-lO$axT4-bi3xnAgwLbt4TMbYoo5HLVsch$iobsn3e$pJMb291UXllGDJG5wIac3YyJDa0CvVebF3FoleOm9ohMBVhN$pPzygdiRo7KTFPctO9LwRoL3ooGDWN9BhYoNS+-32LukPhLoVxSXpnegc4hCrqTro32M$JpN5B1RIlTpsNk44MckDIBZzj4kq1HBVhiy6hYnc2BLqlRorOWrIkuN0BQWN-lAD6rPNRJORxFKssRiuhsBSrLFSlNAJzwt97RIVX+DKO+EjBxz3LAxtbG4hYoUWwV6VtrkENU-6BLXKhtbcFPaJPWNDbR-XkZOBJtu83b3r-k54IoqSU8KhtDGmdnuc3I8GnQ1oTMr-XWYIJxYZki3NCOWBtKhzZk-Sta3BG87tGRutN+BKg90TDzDoW6YVF31K-DN1vuhBa9Phpk1hbnX77ueuoo51hvJEgaJtggOjchMcACQ-nboX5LYYcL4TBc3ndSLTac5XC90t-0p7tWc2hP-+g0E68zIGU6g-+gxVSBtWc132-UTwEJxygkxbZ-VhdLSazXpS0adGRmL5ahwG53v-dTIockzNcBOCy5K7ocxQy9JOF9mxmQk9CectNIyLMO7lyDJGa6uZdxeQlMh2Jn6IoQwYV1JthoeO3aKPlNkMhXKvKr-dw+7KJNknHOwb3wgN7Yy3cXgVyKnhQJJhZbm3uyLMLN7ShwvMkpb6i2J5Dbi00WNd3nH3XFpOu0VlaQ$p4bUsq2ubnC8n0eM+pmVO86r-D1CunzvDKVqUdK3iWkN0clk6dunkZP8KnV2KFbV+Tm8hOeC6bOD+i98bgDk2lEODuH$Rl9z0kbR15M3eUPmNVoINNdG6E1V9sLuLrGbvwDKLbbbEvl$1KME410HDz1rDZvzdaS0jYpK8D$Isbrk8hLNrhg5TDxaeTubyYoU-eX1gigLrdP$3rbb54VtUIbOqEbxtb6bjDHrTSg3qWHnq319qqZStO8W2VD8WCMhlZr2bPHhdhtebDrscVPVFXbbW9Ib2rbb9$OYJnSVug4J5M$ZWZWDKOXyrYbbT89vybBXl$zGK6Y-onRPVKrAe7gsB2H8mXbb6eBonRZq1ltZVszBvhUZbQ1lvjNy-2IRzvgMTrs0QKVPVmUxl4jA4zqT0byDSUjsXbs02RROX6BKrO2aWTLrkmObqgl1uFolbXMxo5ML1bbWv7DLDKNzFJ3VbJuiazkUs6nXbYbdCOz7jaHneVqUabbTjKsFJYbzURUsbY$qnxvEoVC1qvDgrzdtmEqIFgwWFPI8lQqUY1SMP2110DKTBa57csh$Pu0oDr8vi$74VS5JKhigZ-yG0QSb-VXZ$F04rgubDxrgX1UCel4ELnlgOKBoOZDZE+vc8rXcVjz5FWOnx8vmjq5bDshkWKbkbYbTbj3azEDKh7uuPh-7qdvibrkH$i33ljLs4HbTFBAqS5jWWruF1crLrsrXrMrbEL2bDAV3aZMlNg1oVebV3auuhNo1IM9rZxbbEqwFybzjhtoaBxvL16sTkGdnqHgXQ$81$pNdvc8iZ1rXduSbbWFn81bb"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\npriority: u=3,i=?0\r\ncf-ray: 9ad4c535c978b517-OSL\r\ncf-chl-out-s: dHmpJc57yuzN3gFCAKAO0g==$eCOH0OX7gc9fgIQ2agcUAg==\r\nset-cookie: cf_clearance=.RQPLMRygdSf0S7wyMIhMstcHLdQsYfRhxdAUwsW4QQ-1765621661-1.2.1.1-geeefwZh_I0OcXWI6FXYLGSlq6TmhRjqZoG7CfnY.h8LoCIb3IPRLAsavwJ7erA5pY4qqMavXSZoCx_nHVq1zuhjatrUf9LrftAhHm70yBVP028.qKVN3ThqQ7ER9dEjnUlx7HkqQvR4WsQJOApwL59hVBuC1l4EANfPEc.Rw8fSXmhFosus6Y4s0gUBFC8aay.mzSA0LcFjSEW_j_egspthMl2VkggwEi9Gd6tkcKI; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=shadowforum.cc; Expires=Sun, 13 Dec 2026 10:27:41 GMT\r\ncontent-length: 0\r\nserver: cloudflare\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lFtDI7Rfd8Zs3VKUSFGSlfgQKUIjZCul%2Fx4gMxeUw2vKtPRNtpez5BI0SMf4ACzN5%2Bm2VjrP5M19mnyRwbD9wBMeJUrbm9yQr7ld1XYD2Ovgf6xx66Rxdqsr2kYfo0081w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1150\u0026min_rtt=486\u0026rtt_var=295\u0026sent=2547\u0026recv=200\u0026lost=0\u0026retrans=0\u0026sent_bytes=2827817\u0026recv_bytes=42062\u0026delivery_rate=45713492\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=35159\u0026ss_exit_bw=24053880\u0026ss_exit_reason=2\u0026cwnd=75836\u0026unsent_bytes=0\u0026cid=08acc9fe5aecff56\u0026ts=1111\u0026inflight_dur=271\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/wdere.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/wdere.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"e631-65237fa2-9e4a70;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:20:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 58929\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vrxdUBx1aIvypQ6eNTuUdQR8vyRc2svm38%2FsbhSYph1YPCR%2FhH1Nt251RVnGvGKC3Be9edI6camWxSiASza%2FNQXRgGDutkauFOh5Ag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324923b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58929,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 384 x 384, 8-bit/color RGBA, non-interlaced","md5":"077d19b60e9c9484bc699ee6ea6eff57","sha1":"823bed6299892432f159bd2e10af725378fa0eb4","sha256":"4d9f689a07c5e16b1790b2d12aa0424c9b16dfd5c8465e1e1a35071a8e2b5062","sha512":"7e0162c4a094d519bd8edc927277ab472fbb3df8cd36380d18e3fab3b82002796d6595a45c6b8850316fbb4a75714f6110a983a27c9b9ddedf91e24c6b03980f","ssdeep":"768:BXPQA0HWi/QHGzICocsTMOM6QH3yz3g2iXohwrKrBnDMJPQqhSOkvTv9OTZYGgOd:iJ4hZTdQivi+7BD4/YOCJOTZ9X4DuP","tlshash":"6843024e9a4b808d1fb9b503f54b7eb93fad9a9a0135283d5c03cc1f0a575e3505ac9a","first_seen":"2025-01-04T04:02:55.895547Z","last_seen":"2026-03-14T16:24:30.326508Z","times_seen":4,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":102,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/33.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/33.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"6e69-65237ac8-9e4a7a;;;\"\r\nlast-modified: Mon, 09 Oct 2023 04:00:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 28265\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QZ1qigBDEDlV33oYG1KT4Uw11M%2Fe1tgj%2BIVd189V3euSaTpqjTHR4wRB2X2hpxkDw5gfZ1dPaPTg996Gsf6pHIZN02X3fr1%2FddhZwA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c531e919b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28265,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 337 x 352, 8-bit/color RGBA, non-interlaced","md5":"f44758f74c47ae01643c084fc0daef5b","sha1":"9f7c3b147ac0ec8a9d04781d42d01aa2fd0f4cf5","sha256":"efde55583f72526c7efb402af5c559ef051c45beae49de93ae8c3a829961e281","sha512":"d5c941bc51497fb2473d3d9104aec0b4e0e0c3d39ef3524b45223af27400244ed5cb8fcee481445e53b6e3501c6d8e2a461f8c1f9b140bfd958bcc9f56656f47","ssdeep":"768:GixZZuBOTH2yTL1+qvcG2ghGPNgMMXfOQnWB3sZ9LeHC:GyPuryTLEHeGq1fRHLeHC","tlshash":"85c2e0f7a87d721735201a7dda8530fd183d2319302a8fdcb26ad4ce270295d635b17a","first_seen":"2025-01-04T04:02:55.882489Z","last_seen":"2026-03-14T16:24:30.344408Z","times_seen":4,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Sat, 13 Dec 2025 11:15:40 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CNvvOLjmQxHP6svZnguSuoukWnh6fuiLEABM7eGNP8MUZqhRcZV3ecLiylyAIZXKKgPh%2FjUZ77Efy5LPxpRSZmHG%2BN0l2QcjgakMUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\ncf-ray: 9ad4c52ff911b517-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-02T10:29:47.896407Z","times_seen":102104,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/style_properties/Untitled-3.jpg","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/style_properties/Untitled-3.jpg HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=b28d96a6ba8ce1cee94e59ee7a765490f9d17cd4\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 17 Dec 2025 20:16:19 GMT\r\netag: \"cd5b5-628aaeda-9e4ab2;;;\"\r\nlast-modified: Sun, 22 May 2022 21:44:58 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 841141\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nage: 223880\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QRiqa%2FVKuy7n0wOh11aPmHBx03gDOLetLWMNl0blD2LE%2BqorGICJNUIGwzb1bdGh6ukDe90awv8q89PKOdltLY%2Fs7ZHD%2F3v0ByKgCw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c531d916b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":841141,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:04:19 20:31:12], progressive, precision 8, 1079x1920, components 3","md5":"7d93b295507bbae27d2d6f910d7cee16","sha1":"2ef39ab3f7ec76d72c994bce225d4e3b8760133f","sha256":"07e9c8dca63b515e5a3fbbd68f0c92207b94e26066181497c2c2b97f7001d250","sha512":"eab7b3991b0cbf032037a1a0c8ed1509de310634e06a723f632ea1962dff2994f5a9162b5ca3c01c57be60862642348358d4d8107f5b9e3a5d3633fcdc559703","ssdeep":"12288:veI7cWr8qq2YHzuRIh5jlKhegqafcabhiJZHL2XNr2xCnKxB7sCP3vAIAtnzpNxg:x5UiChaeZajgbHL0NrJ4pnPf2nzpPy46","tlshash":"0705230b631e6eabf6c162f5688754e1b3220e31ddf67347305d66059fbadc6ac8034a","first_seen":"2025-01-04T04:02:55.88144Z","last_seen":"2026-03-14T16:24:30.34113Z","times_seen":4,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/3.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/3.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"e22-628c10a4-9e4a88;;;\"\r\nlast-modified: Mon, 23 May 2022 22:54:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 3618\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qYikVC9JHhBFx8NsRriZ0HHhkvzg5OXal%2B9CDXO0JzMz6XHiLXuBYreOBO5ehEb05%2FcE%2FWwdkMFXFfHt3ksFgJRqwEV25prtzHDq8w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532491db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3618,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 64, 8-bit/color RGBA, non-interlaced","md5":"e15d84da4126cfaffee9eb5a46a5711f","sha1":"d94301d71f4de4973b6d1356fd3bb45081548aea","sha256":"d46d0f9e4bc2ae57afc7cba4e22d68ea02cb6c7ab6f2e099e5faece094a25384","sha512":"85b26b5c2ee41d10ba8181331c43e70a0cdebd582bab52b794a4d86f53b58ce5fb77cc48d984d5dbfaefca33f2c75cb1f9052be7970ac50a83f56cbc4bd6dadf","ssdeep":"","tlshash":"a1715b9a08740ef7de8e5aa684c01c0ed7e635183da46d4828edc6588953ee4462d325","first_seen":"2025-01-04T04:02:55.922639Z","last_seen":"2026-03-14T16:24:30.351028Z","times_seen":4,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/11.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/11.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"9dc-628c129a-9e4a80;;;\"\r\nlast-modified: Mon, 23 May 2022 23:02:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 2524\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5nmb8KqRabcH6EuP1AWbKBIaR8wJumKSILFsBc1jN7wHmsLmM6S7D3Phndcw3J3ErImWG%2BHb67ZvFL9oxdai7jUp2dHb7QiumD7jtw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c5324930b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2524,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 49, 8-bit/color RGBA, non-interlaced","md5":"737913b47e1571a38727054f42a68044","sha1":"96bf120a13b9f06619a4f154dd2cf63646a767b2","sha256":"557aeaf37b783436417eeb6cc9ebc441af271e4fbe2c1c12c1e7eb5ee8e3f504","sha512":"343cc35f9a76c397d3f6e0d8620046aece18f7e2f4343aec7eddff8e7ce827be03fefa82181badf54a13eee5abd4b0462bd6f26ae45830bd22d3efed07050817","ssdeep":"","tlshash":"86515d9f1ebb5e75c8aa8393336a1391ff526c5e304c0689b76d1524c012cca034a358","first_seen":"2025-01-04T04:02:55.887464Z","last_seen":"2026-03-14T16:24:30.317299Z","times_seen":4,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"FF:92:1F:D0:E9:98:18:CB:FA:1B:90:BE:3E:B9:41:44:DE:05:28:15","sha256":"0C:A2:FB:F0:F6:40:B0:82:E4:FB:1A:51:96:48:D8:22:C9:05:C4:41:67:1F:41:D4:8C:F2:B6:85:A4:D2:3A:AF"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 11 Dec 2025 09:55:49 GMT\r\nexpires: Fri, 11 Dec 2026 09:55:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 174711\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-05-02T10:31:03.02754Z","times_seen":233622,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":72,"dns":1,"connect":7,"send":0,"wait":9,"receive":12,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/7/7157.jpg?1691641600","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/7/7157.jpg?1691641600 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"a45-64d46700-9a6f3e;;;\"\r\nlast-modified: Thu, 10 Aug 2023 04:26:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2629\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F7m5cCY9ccko5%2BToLH1upzTAQ2OE%2Fvgx%2BoIOxeOg3jNHoQc%2BoZvAnRK9fNi7yueNZUBg7z7DGiNJ5yOoZ7m7cDnaDIotAhiOioFKhA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2629,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"e50c97f6bc58730b0e5b374aebf275a8","sha1":"8ffc349440fb24abf0a93640490e77db31bf1969","sha256":"95110574498309273fba17295d798d7e41c6610a0ffcf18ffa96cad552b7f259","sha512":"61f777255399f925bc8c88b56c625c3fb63c905990eb0fe06eaaf34a426881b848938a3050bb8d9f90f182edf80712f3d9738c57ca39ed03c521f1e3fa427e62","ssdeep":"","tlshash":"33514c0dbb19555d2b94053188dd7021243252a38f49c7b4a5841f0aefa16d04ac77af","first_seen":"2025-01-04T04:02:55.915866Z","last_seen":"2026-03-14T16:24:30.30264Z","times_seen":4,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/js/cv6/nodeicon/svg-inject.min.js?_v=32a82bf6","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /js/cv6/nodeicon/svg-inject.min.js?_v=32a82bf6 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"1200-6436419a-a80bd8;br\"\r\nlast-modified: Wed, 12 Apr 2023 05:28:58 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 2242\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PiOUPZe2Da3XzU8e0x35WrRK5sQgQv5vBCLo%2B9eW3FQRGyNLLCCDk18U%2FF9RIdaTVpcBqI6%2FnYzL6LDV5KThHZOVjQGoQl2KY0eMYQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ad4c533894bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4608,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (500)","md5":"ae60670a20f05e487c4748d9587b1f55","sha1":"d9fce733927b07a9d4ec7d6cd94eb1c92b3fd3f9","sha256":"ae2d4012836d80e35738827493ba7d1e84071aae8c103b233cf61987b356a6ed","sha512":"ebc368ff6eb75582aaa1498b64c718e45bbac7346108658c1cf15000d6569b34850a6099a7486722374c5973a4db2b10cc6986780938d15adfbdfda11a5d511a","ssdeep":"96:bGSV/OOSL2O6h8nf33GhtOr5IG5bcaG2SKSu0ik7GAwXUIwp5BTu67kKEZblOT:iSVaL2O6anfGzOVIG5bciIiHAwEzBTci","tlshash":"e091d7e8f5c8f12b2bef203685af250ab0760152344cc5915105f0b43c78aea2767ddf","first_seen":"2023-03-10T01:34:10Z","last_seen":"2026-05-02T04:31:48.271772Z","times_seen":256,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/logo/Favicon_new.png?1717603549","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/logo/Favicon_new.png?1717603549 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 13 Dec 2025 20:50:20 GMT\r\netag: \"9a54-66608d47-9e4a72;;;\"\r\nlast-modified: Wed, 05 Jun 2024 16:07:35 GMT\r\ncontent-type: image/png\r\ncontent-length: 39508\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nage: 567439\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d7FskYE0RAszTzZ3wGm0XGVCf1haLQd3UcHfhpvwk4L7wxhg3k%2BPTAu4BBJpgBRLeWVjJU6rO6LwAT5295mkqqnymDOTetOsTBJbXg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c534f970b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39508,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"286f589c106cba94cc1a9d5cd1d78eff","sha1":"cfffda9f8192efa477634f30cdbdd9d1043bde44","sha256":"b7ddfb336f1978a268e39bf7aeef9c1080dccf1531da4479b0ddf6b36271f490","sha512":"51bd302e323c4a74d67b2e5e817d94ccb9619f1ec09e08408329de3dfeb2a7cfd14d344e76d7e9a605cf2dd8b32d09ac21f9be486e2c51f068008c2cc3a083f3","ssdeep":"768:ugrkgLKkvC+tj+LAb9kaLMxMQVXa8qsyy1Q4Cr/SfdaynrvHo2:FIgb9jEi9N//4CGfcyrvJ","tlshash":"a30302fa910315061e37c2b2b5cc911a2ceac8766e3a8ddcc9bab1817a945d02d1f4cf","first_seen":"2025-01-04T04:02:55.919781Z","last_seen":"2026-03-14T16:24:30.32058Z","times_seen":4,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://shadowforum.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"12bc4-61a9f8b0-a80d5c;;;\"\r\nlast-modified: Fri, 03 Dec 2021 11:00:00 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 76740\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NuDvS5%2BGWEObCYOj%2FhWH34oBfsoylMe%2Bc3l06%2FW8P%2FO45bcpjtc4B%2Ba6CcK9IodipRLpLv9rs8YItZxACgOR1a3HWSMnSvPPtqI5og%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c52ff90db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":76740,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 76740, version 331.-31261","md5":"0511670fe2f5405105a6760294c5c51d","sha1":"61cb879dec4fa97ece0d2a26cd6767c66117841b","sha256":"c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388","sha512":"5d40e0137977dc9245bdf5dacdebfb943028f579f8391bab44e4d70c93c72e5029f72da336fe2c2a301173a5dfe2b3989a4c23dc4f178135b8b62299a182cebe","ssdeep":"1536:L02TjeihDcnTwHiN40iMr//F4X4alz2cZZvIM3VnAOjjPyunCnJTk9vSNL:L02Tje8cnGQ4hMg4o7gyVvjjPzoxk+L","tlshash":"fe7302a3e68e6457d7a1083b144be02f487d51e9bdd96df7a233cd0d821c3e6b12a711","first_seen":"2023-04-17T19:02:51Z","last_seen":"2026-05-02T09:20:16.339072Z","times_seen":4056,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":97,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/2-escrow.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/2-escrow.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"13b3-64369ed9-9e4a90;;;\"\r\nlast-modified: Wed, 12 Apr 2023 12:06:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 5043\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zD02E2j%2F%2FabaY2fY02sGWMLhzcPQ4HLKV5RQ%2FDb7dDEiX56sa1Fy7s04%2Fdthf59GRy4VEtCybPzoqLYo3%2BFi7iiIo7yS0aMlRepIvw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532191cb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 61 x 70, 8-bit/color RGBA, non-interlaced","md5":"cc53e1c7c4c459dce02f4f820e2bd111","sha1":"236a28e6b36d2b455cda412e49e498d58d9c97eb","sha256":"fc1f39de4a37091c06f8b081951cc2e486828edc2aff162b1e59128cdbecde5f","sha512":"5472d119cce0df09df40a11a44e90c448a813a5dd0215fdf1b6d153d7abc9127437ca99bb0d4c81f0eddd17220432e49f02189a18c5ffac64581ca8e18d25821","ssdeep":"96:RSKG4LNkO4BwpcRz3v1W5JNps68uvwaz3qki39DP10opjT:RSKRSO4B0cRziNps0Iaz3qky9r1f1T","tlshash":"cba16d3be49daf949cc58c25907a3f97037deee2d854ed0080335408e2ae180ff75689","first_seen":"2025-01-04T04:02:55.87719Z","last_seen":"2026-03-14T16:24:30.313219Z","times_seen":4,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/assets/mobile-logo/4.png","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/assets/mobile-logo/4.png HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/css.php?css=public%3Anode_list.less%2Cpublic%3AsvPasswordTools_macros.less%2Cpublic%3Axb.less%2Cpublic%3Axb_sidebar_login.less%2Cpublic%3AxgtForumistatik.less%2Cpublic%3Aextra.less\u0026s=3\u0026l=1\u0026d=1717603673\u0026k=fbd07189ee098ed68d17a66847034a31f67e702b\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"f82-628c1122-9e4a92;;;\"\r\nlast-modified: Mon, 23 May 2022 22:56:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 3970\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m6PPvBGajWyaV4DHYVqJllfNmHLAKjF22nU1i2KA4AN8ai%2BzYYQaxwhVRw1tEBAkIQMMDO0ae1%2BNtXId0El4kbQWMrDyosmb8hWX4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532491eb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3970,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 64, 8-bit/color RGBA, non-interlaced","md5":"11bf922da70ca6b28aaba3e65682ea1f","sha1":"b94c164ace0cf94313f31c7ccb5dacca5c006460","sha256":"eaf9c22784ac36ded58729f87eaae9ee9779e9433d07baf13163bed99f99398e","sha512":"ac0f8abc45f2ba99b06ad97edbad0e0c43a66652af2f9336669b1258da52f6a842cafc466f300acbdaef8c749600a041a7226e613307e2bede56957d2df7b192","ssdeep":"","tlshash":"5b815d8923d0b4e5c74df91a119d0067c9dbe9fba42f19c3b4457a277e151864c4f1ce","first_seen":"2025-01-04T04:02:55.921695Z","last_seen":"2026-03-14T16:24:30.342032Z","times_seen":4,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/data/avatars/s/6/6760.jpg?1689323847","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:40.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"GET /data/avatars/s/6/6760.jpg?1689323847 HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 20 Dec 2025 10:27:40 GMT\r\netag: \"a45-64b10947-9a7f6d;;;\"\r\nlast-modified: Fri, 14 Jul 2023 08:37:27 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2629\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 10:27:40 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G3E4Six22y7CPkpf90EzydFigTwMIgl8Vhti%2F1jF%2FA4cnummnlJfaubGJEwNWP2z09UxIvIh3pbwE78t44mzwID44mZ5JyAn5Eh3oA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ad4c532e93fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2629,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"e50c97f6bc58730b0e5b374aebf275a8","sha1":"8ffc349440fb24abf0a93640490e77db31bf1969","sha256":"95110574498309273fba17295d798d7e41c6610a0ffcf18ffa96cad552b7f259","sha512":"61f777255399f925bc8c88b56c625c3fb63c905990eb0fe06eaaf34a426881b848938a3050bb8d9f90f182edf80712f3d9738c57ca39ed03c521f1e3fa427e62","ssdeep":"","tlshash":"33514c0dbb19555d2b94053188dd7021243252a38f49c7b4a5841f0aefa16d04ac77af","first_seen":"2025-01-04T04:02:55.915866Z","last_seen":"2026-03-14T16:24:30.30264Z","times_seen":4,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shadowforum.cc/cdn-cgi/rum?","fqdn":"shadowforum.cc","domain":"shadowforum.cc","tld":"cc"},"ip":{"addr":"172.67.219.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://shadowforum.cc/","date":"2025-12-13T10:27:41.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shadowforum.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 21:43:02 GMT","end":"Sun, 22 Feb 2026 22:40:41 GMT"},"fingerprint":{"sha1":"E3:C3:98:C2:8F:8A:3F:8C:EA:96:73:61:64:B1:BA:DA:E0:AF:CD:0B","sha256":"4F:A8:16:F0:25:09:23:DF:88:B8:20:83:92:FF:7B:9B:F8:BB:15:24:20:78:FD:F2:0A:95:6E:2A:26:21:DE:89"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: shadowforum.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 1014\r\nOrigin: https://shadowforum.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shadowforum.cc/\r\nCookie: xf_csrf=Vxo20a4b3RO-LBfJ; ads=1; cf_clearance=.RQPLMRygdSf0S7wyMIhMstcHLdQsYfRhxdAUwsW4QQ-1765621661-1.2.1.1-geeefwZh_I0OcXWI6FXYLGSlq6TmhRjqZoG7CfnY.h8LoCIb3IPRLAsavwJ7erA5pY4qqMavXSZoCx_nHVq1zuhjatrUf9LrftAhHm70yBVP028.qKVN3ThqQ7ER9dEjnUlx7HkqQvR4WsQJOApwL59hVBuC1l4EANfPEc.Rw8fSXmhFosus6Y4s0gUBFC8aay.mzSA0LcFjSEW_j_egspthMl2VkggwEi9Gd6tkcKI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1014,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":900,\"startTime\":1765621659694,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"7c3c71eb-b250-481e-9a6a-c6350737e6e1\",\"location\":\"https://shadowforum.cc/\",\"nt\":\"navigate\",\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":922,\"domContentLoadedEventStart\":954,\"domContentLoadedEventEnd\":964,\"domComplete\":1390,\"loadEventStart\":1391,\"loadEventEnd\":1391,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":25,\"domainLookupStart\":26,\"domainLookupEnd\":32,\"connectStart\":32,\"connectEnd\":50,\"secureConnectionStart\":36,\"requestStart\":50,\"responseStart\":292,\"responseEnd\":344,\"transferSize\":30666,\"encodedBodySize\":29769,\"decodedBodySize\":139217,\"name\":\"https://shadowforum.cc/\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":1391},\"siteToken\":\"231be6172ba74bfe9354c333adf8c415\",\"st\":2}"}},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://shadowforum.cc\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QpdQXc4Ghmw2d3tR9AaxgbUtEpRm%2FdJ1VR9vFsu1axW1WpTtioqxlsoPtYDS3hRFqq4sC3zmrIZAaQMh%2F0v1LsKouJEvoUrz02E9LA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sat, 13 Dec 2025 10:27:41 GMT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9ad4c537898db517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"shadowforum.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}